Skip to content

[Snyk] Upgrade tailwindcss from 3.3.2 to 4.1.11 #197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade tailwindcss from 3.3.2 to 4.1.11 #197

wants to merge 1 commit into from

Conversation

@nerdy-tech-com-gitub
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade tailwindcss from 3.3.2 to 4.1.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 99 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELHELPERS-9397697		 140 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELRUNTIME-10044504		 140 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 140 Proof of Concept
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727		 140 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		 140 Proof of Concept
medium severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 140 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		 140 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 140 Proof of Concept
Release notes
Package name: tailwindcss
  • 4.1.11 - 2025-06-26

    Fixed

    • Add heuristic to skip candidate migrations inside emit(…) (#18330)
    • Extract candidates with variants in Clojure/ClojureScript keywords (#18338)
    • Document --watch=always in the CLI's usage (#18337)
    • Add support for Vite 7 to @ tailwindcss/vite (#18384)
  • 4.1.10 - 2025-06-11

    Fixed

    • Fix incorrectly generated CSS when using percentages in arbitrary values with calc (e.g. w-[calc(100%-var(--offset))]) (#18289)
  • 4.1.9 - 2025-06-11

    Fixed

    • Correctly parse custom properties with strings containing semicolons (#18251)
    • Upgrade: Migrate arbitrary modifiers without percentage signs to bare values (e.g. /[0.16]/16) (#18184)
    • Upgrade: Migrate CSS variable shorthands where fallback value contains function call (#18184)
    • Upgrade: Migrate negative arbitrary values to negative bare values (e.g. mb-[-32rem]-mb-128) (#18212)
    • Upgrade: Do not migrate blur in wire:model.blur (#18216)
    • Don't add spaces around CSS dashed idents when formatting math expressions (#18220)
  • 4.1.8 - 2025-05-28

    Added

    • Improve error messages when @ apply fails (#18059)

    Fixed

    • Upgrade: Do not migrate declarations that look like candidates in <style> blocks (#18057, 18068)
    • Upgrade: Don't error when looking for tailwindcss in pnpm monorepos (#18065)
    • Upgrade: Don't error when updating dependencies in pnpm monorepos (#18065)
    • Upgrade: Migrate deprecated order-none to order-0 (#18126)
    • Support Leptos class: attributes when extracting classes (#18093)
    • Fix "Cannot read properties of undefined" crash on malformed arbitrary value (#18133)
    • Upgrade: Migrate -mt-[0px] to mt-[0px] instead of the other way around (#18154)
    • Fix Haml pre-processing crash when there is no \n at the end of the file (#18155)
    • Ignore .pnpm-store folders by default (can be overridden by @ source … rules) (#18163)
    • Fix PostCSS crash when calling toJSON() (#18083)
  • 4.1.7 - 2025-05-15

    Added

    • Upgrade: Migrate bare values to named values (#18000)
    • Upgrade: Added cache to improve template migration performance (#18025)

    Fixed

    • Allow _ before numbers during candidate extraction (#17961)
    • Prevent duplicate suggestions when using @ theme and @ utility together (#17675)
    • Ensure that media queries within ::before and ::after pseudo selectors create valid CSS rules in production builds (#17979)
    • Ensure that the standalone CLI does not leave temporary files behind (#17981)
    • Ensure -rotate-* utilities properly negate arbitrary values (#18014)
    • Ignore custom variants using :merge(…) selectors in legacy JS plugins (#18020)
    • Ensure classes containing . are properly extracted from Clojure files (#18038)
    • Upgrade: Fix error when using @ import … source(…) (#17963)
    • Upgrade: Change casing of utilities with named values to kebab-case to match updated theme variables (#18017)
    • Upgrade: Don't migrate strings that match utility names in Vue attribute bindings other than class (#18025)
  • 4.1.6 - 2025-05-09

    Added

    • Upgrade: Automatically convert arbitrary values to named values when possible (e.g. h-[1lh] to h-lh) (#17831, #17854)
    • Upgrade: Update dependencies in parallel for improved performance (#17898)
    • Add detailed logging about @ source directives, discovered files and scanned files when using DEBUG=* (#17906, #17952)
    • Add support for generating source maps in development (#17775)

    Fixed

    • Ensure negative arbitrary scale values generate negative values (#17831)
    • Fix HAML extraction with embedded Ruby (#17846)
    • Don't scan files for utilities when using @ reference (#17836)
    • Fix incorrectly replacing _ with in arbitrary modifier shorthand bg-red-500/(--my_opacity) (#17889)
    • Don't scan .log files for classes by default (#17906)
    • Ensure that custom utilities applying other custom utilities don't swallow nested @ apply rules (#17925)
    • Download platform specific package if optionalDependencies are skipped (#17929)
  • 4.1.5 - 2025-04-30

    Added

    • Support using @ tailwindcss/upgrade to upgrade between versions of v4.* (#17717)
    • Add h-lh / min-h-lh / max-h-lh utilities (#17790)
    • Transition display, visibility, content-visibility, overlay, and pointer-events when using transition to simplify @ starting-style usage (#17812)

    Fixed

    • Don't scan .geojson or .db files for classes by default (#17700, #17711)
    • Hide default shadow suggestions when missing default shadow theme keys (#17743)
    • Replace _ with . in theme suggestions for @ utility if surrounded by digits (#17733)
    • Skip color-mix(…) when opacity is 100% (#17815)
    • PostCSS: Ensure that errors in imported stylesheets are recoverable (#17754)
    • Upgrade: Bump all Tailwind CSS related dependencies during upgrade (#17763)
    • Upgrade: Don't add - to variants starting with @ (#17814)
    • Upgrade: Don't format stylesheets that didn't change when upgrading (#17824)
  • 4.1.4 - 2025-04-14

    Added

    • Add experimental @ tailwindcss/oxide-wasm32-wasi target for running Tailwind in browser environments like StackBlitz (#17558)

    Fixed

    • Ensure color-mix(…) polyfills do not cause used CSS variables to be removed (#17555)
    • Ensure color-mix(…) polyfills create fallbacks for theme variables that reference other theme variables (#17562)
    • Fix brace expansion in declining ranges like {10..0..5} and {0..10..-5} (#17591)
    • Work around a Chrome rendering bug when using the skew-* utilities (#17627)
    • Ensure container query variant names can contain hyphens (#17628)
    • Ensure shadow-inherit, inset-shadow-inherit, drop-shadow-inherit, and text-shadow-inherit inherit the shadow color (#17647)
    • Ensure compatibility with array tuples used in fontSize JS theme keys (#17630)
    • Ensure folders with binary file extensions in their names are scanned for utilities (#17595)
    • Upgrade: Convert fontSize array tuple syntax to CSS theme variables (#17630)
  • 4.1.3 - 2025-04-04

    Fixed

    • Show warning when using unsupported bare value data type in --value(…) (#17464)
    • PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#17554)
    • Ensure classes are detected in Ruby's %w syntax in Slim templates (#17557)
  • 4.1.2 - 2025-04-03
  • 4.1.1 - 2025-04-02
  • 4.1.0 - 2025-04-01
  • 4.0.17 - 2025-03-26
  • 4.0.16 - 2025-03-25
  • 4.0.15 - 2025-03-20
  • 4.0.14 - 2025-03-13
  • 4.0.13 - 2025-03-11
  • 4.0.12 - 2025-03-07
  • 4.0.11 - 2025-03-06
  • 4.0.10 - 2025-03-05
  • 4.0.9 - 2025-02-25
  • 4.0.8 - 2025-02-21
  • 4.0.7 - 2025-02-18
  • 4.0.6 - 2025-02-10
  • 4.0.5 - 2025-02-08
  • 4.0.4 - 2025-02-06
  • 4.0.3 - 2025-02-01
  • 4.0.2 - 2025-01-31
  • 4.0.1 - 2025-01-29
  • 4.0.0 - 2025-01-21
  • 4.0.0-beta.10 - 2025-01-21
  • 4.0.0-beta.9 - 2025-01-09
  • 4.0.0-beta.8 - 2024-12-17
  • 4.0.0-beta.7 - 2024-12-13
  • 4.0.0-beta.6 - 2024-12-06
  • 4.0.0-beta.5 - 2024-12-04
  • 4.0.0-beta.4 - 2024-11-29
  • 4.0.0-beta.3 - 2024-11-27
  • 4.0.0-beta.2 - 2024-11-22
  • 4.0.0-beta.1 - 2024-11-21
  • 4.0.0-alpha.36 - 2024-11-21
  • 4.0.0-alpha.35 - 2024-11-20
  • 4.0.0-alpha.34 - 2024-11-14
  • 4.0.0-alpha.33 - 2024-11-12
  • 4.0.0-alpha.32 - 2024-11-11
  • 4.0.0-alpha.31 - 2024-10-30
  • 4.0.0-alpha.30 - 2024-10-24
  • 4.0.0-alpha.29 - 2024-10-23
  • 4.0.0-alpha.28 - 2024-10-17
  • 4.0.0-alpha.27 - 2024-10-15
  • 4.0.0-alpha.26 - 2024-10-03
  • 4.0.0-alpha.25 - 2024-09-24
  • 4.0.0-alpha.24 - 2024-09-12
  • 4.0.0-alpha.23 - 2024-09-05
  • 4.0.0-alpha.22 - 2024-09-05
  • 4.0.0-alpha.21 - 2024-09-02
  • 4.0.0-alpha.20 - 2024-08-23
  • 4.0.0-alpha.19 - 2024-08-09
  • 4.0.0-alpha.18 - 2024-07-25
  • 4.0.0-alpha.17 - 2024-07-04
  • 4.0.0-alpha.16 - 2024-06-07
  • 4.0.0-alpha.15 - 2024-05-08
  • 4.0.0-alpha.14 - 2024-04-09
  • 4.0.0-alpha.13 - 2024-04-04
  • 4.0.0-alpha.12 - 2024-04-04
  • 4.0.0-alpha.11 - 2024-03-27
  • 4.0.0-alpha.10 - 2024-03-21
  • 4.0.0-alpha.9 - 2024-03-13
  • 4.0.0-alpha.8 - 2024-03-11
  • 4.0.0-alpha.7 - 2024-03-08
  • 4.0.0-alpha.6 - 2024-03-07
  • 4.0.0-alpha.5 - 2024-03-06
  • 4.0.0-alpha.4 - 2024-03-06
  • 4.0.0-alpha.3 - 2024-03-06
  • 4.0.0-alpha.2 - 2024-03-06
  • 4.0.0-alpha.1 - 2024-03-05
  • 3.4.17 - 2024-12-17
  • 3.4.16 - 2024-12-03
  • 3.4.15 - 2024-11-14
  • 3.4.14 - 2024-10-15
  • 3.4.13 - 2024-09-23
  • 3.4.12 - 2024-09-17
  • 3.4.11 - 2024-09-11
  • 3.4.10 - 2024-08-13
  • 3.4.9 - 2024-08-08
  • 3.4.8 - 2024-08-07
  • 3.4.7 - 2024-07-25
  • 3.4.6 - 2024-07-16
  • 3.4.5 - 2024-07-15
  • 3.4.4 - 2024-06-05
  • 3.4.3 - 2024-03-27
  • 3.4.2 - 2024-03-27
  • 3.4.1 - 2024-01-05
  • 3.4.0 - 2023-12-19
  • 3.3.7 - 2023-12-18
  • 3.3.6 - 2023-12-04
  • 3.3.5 - 2023-10-25
  • 3.3.4 - 2023-10-24
  • 3.3.3 - 2023-07-13
  • 3.3.2 - 2023-04-25
from tailwindcss GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade tailwindcss from 3.3.2 to 4.1.11
1cb4b9c 
Snyk has created this PR to upgrade tailwindcss from 3.3.2 to 4.1.11.

See this package in npm:
tailwindcss

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/153eba7a-11b4-45c6-abd8-51b93eeaa31c?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nerdy-tech-com-gitub @snyk-bot