Skip to content

Build(deps-dev): bump @tailwindcss/postcss from 4.1.18 to 4.2.1#569

Open
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/tailwindcss/postcss-4.2.1
Open

Build(deps-dev): bump @tailwindcss/postcss from 4.1.18 to 4.2.1#569
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/tailwindcss/postcss-4.2.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026
edited
Loading

Bumps @tailwindcss/postcss from 4.1.18 to 4.2.1.

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.2.1

Fixed

  • Allow trailing dash in functional utility names for backwards compatibility (#19696)
  • Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

  • Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
  • Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
  • Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
  • Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
  • Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
  • Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
  • Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
  • Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
  • Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
  • Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
  • Add font-features-* utility for font-feature-settings (#19623)

Fixed

  • Prevent double @supports wrapper for color-mix values (#19450)
  • Allow whitespace around @source inline() argument (#19461)
  • Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
  • Detect utilities containing capital letters followed by numbers (#19465)
  • Fix class extraction for Rails' strict locals (#19525)
  • Align @utility name validation with Oxide scanner rules (#19524)
  • Fix infinite loop when using @variant inside @custom-variant (#19633)
  • Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
  • Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
  • Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
  • Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
  • Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
  • Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
  • Add .jj to default ignored content directories (#19687)

Deprecated

  • Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)
Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.2.1] - 2026-02-23

Fixed

  • Allow trailing dash in functional utility names for backwards compatibility (#19696)
  • Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

  • Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
  • Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
  • Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
  • Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
  • Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
  • Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
  • Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
  • Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
  • Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
  • Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
  • Add font-features-* utility for font-feature-settings (#19623)

Fixed

  • Prevent double @supports wrapper for color-mix values (#19450)
  • Allow whitespace around @source inline() argument (#19461)
  • Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
  • Detect utilities containing capital letters followed by numbers (#19465)
  • Fix class extraction for Rails' strict locals (#19525)
  • Align @utility name validation with Oxide scanner rules (#19524)
  • Fix infinite loop when using @variant inside @custom-variant (#19633)
  • Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
  • Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
  • Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
  • Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
  • Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
  • Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
  • Add .jj to default ignored content directories (#19687)

Deprecated

  • Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 2, 2026

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@code-genius-code-coverage
Copy link
Copy Markdown

code-genius-code-coverage bot commented Mar 2, 2026

The files' contents are under analysis for test generation.

@dependabot dependabot bot mentioned this pull request Mar 2, 2026
Closed
@github-actions github-actions bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 2, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 2, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedtailwindcss@​4.1.18 ⏵ 4.2.1100 +110084 +198100
Updated@​tailwindcss/​postcss@​4.1.18 ⏵ 4.2.1100 +110010098100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 2, 2026
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Low
Dynamic module loading: npm lightningcss

Location: Package overview

From: package-lock.jsonnpm/vite@7.3.1npm/@tailwindcss/postcss@4.2.1npm/lightningcss@1.31.1

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lightningcss@1.31.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@deepsource-io
Copy link
Copy Markdown

deepsource-io bot commented Mar 2, 2026
edited
Loading

DeepSource Code Review

We reviewed changes in ccf8f9c...8929166 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Coverage  

Code Review Summary

Analyzer Status Updated (UTC) Details
Test coverage Mar 4, 2026 1:33p.m. Review ↗
Secrets Mar 4, 2026 1:33p.m. Review ↗
JavaScript Mar 4, 2026 1:33p.m. Review ↗

Code Coverage Summary

Language Line Coverage (Overall)
Aggregate
93.8%
Javascript
93.8%

➟ Additional coverage metrics may have been reported. See full coverage report ↗

@guibranco guibranco enabled auto-merge (squash) March 2, 2026 01:55
@gstraccini gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Mar 2, 2026
guibranco
guibranco approved these changes Mar 2, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@guibranco guibranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@gstraccini gstraccini bot added the 🤖 bot Automated processes or integrations label Mar 2, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss/postcss-4.2.1 branch from 1628083 to 0c2407a Compare March 3, 2026 18:12
@dependabot
Build(deps-dev): bump @tailwindcss/postcss from 4.1.18 to 4.2.1
bb6e08c 
Bumps [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) from 4.1.18 to 4.2.1.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.1/packages/@tailwindcss-postcss)

---
updated-dependencies:
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss/postcss-4.2.1 branch from 0c2407a to bb6e08c Compare March 4, 2026 11:34
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 4, 2026

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs 
2026-03-04T13:32:53Z INF scanning for exposed secrets...
1:32PM INF 471 commits scanned.
2026-03-04T13:32:53Z INF scan completed in 372ms
2026-03-04T13:32:53Z INF no leaks found

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 23, 2026

A newer version of @​tailwindcss/postcss exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guibranco guibranco guibranco approved these changes

@gstraccini gstraccini[bot] gstraccini[bot] approved these changes

Assignees

@guibranco guibranco

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guibranco