Update dependency tailwindcss to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
tailwindcss (source)	^3.0.15 -> ^4.0.0

---

Release Notes

tailwindlabs/tailwindcss (tailwindcss)

v4.1.11

Compare Source

Fixed

• Add heuristic to skip candidate migrations inside emit(…) (#​18330)
• Extract candidates with variants in Clojure/ClojureScript keywords (#​18338)
• Document --watch=always in the CLI's usage (#​18337)
• Add support for Vite 7 to @tailwindcss/vite (#​18384)

v4.1.10

Compare Source

Fixed

• Fix incorrectly generated CSS when using percentages in arbitrary values with calc, e.g.: w-[calc(100%-var(--offset))] (#​18289)

v4.1.9

Compare Source

Fixed

• Correctly parse custom properties with strings containing semicolons (#​18251)
• Upgrade: Migrate arbitrary modifiers without percentage signs to bare values (e.g. /[0.16] → /16) (#​18184)
• Upgrade: Migrate CSS variable shorthands where fallback value contains function call (#​18184)
• Upgrade: Migrate negative arbitrary values to negative bare values (e.g. mb-[-32rem] → -mb-128) (#​18212)
• Upgrade: Do not migrate blur in wire:model.blur (#​18216)
• Don't add spaces around CSS dashed idents when formatting math expressions (#​18220)

v4.1.8

Compare Source

Added

• Improve error messages when @apply fails (#​18059)

Fixed

• Upgrade: Do not migrate declarations that look like candidates in <style> blocks (#​18057, 18068)
• Upgrade: Don't error when looking for tailwindcss in pnpm monorepos (#​18065)
• Upgrade: Don't error when updating dependencies in pnpm monorepos (#​18065)
• Upgrade: Migrate deprecated order-none to order-0 (#​18126)
• Support Leptos class: attributes when extracting classes (#​18093)
• Fix "Cannot read properties of undefined" crash on malformed arbitrary value (#​18133)
• Upgrade: Migrate -mt-[0px] to mt-[0px] instead of the other way around (#​18154)
• Fix Haml pre-processing crash when there is no \n at the end of the file (#​18155)
• Ignore .pnpm-store folders by default (can be overridden by @source … rules) (#​18163)
• Fix PostCSS crash when calling toJSON() (#​18083)

v4.1.7

Compare Source

Added

• Upgrade: Migrate bare values to named values (#​18000)
• Upgrade: Added cache to improve template migration performance (#​18025)

Fixed

• Allow _ before numbers during candidate extraction (#​17961)
• Prevent duplicate suggestions when using @theme and @utility together (#​17675)
• Ensure that media queries within ::before and ::after pseudo selectors create valid CSS rules in production builds (#​17979)
• Ensure that the standalone CLI does not leave temporary files behind (#​17981)
• Ensure -rotate-* utilities properly negate arbitrary values (#​18014)
• Ignore custom variants using :merge(…) selectors in legacy JS plugins (#​18020)
• Ensure classes containing . are properly extracted from Clojure files (#​18038)
• Upgrade: Fix error when using @import … source(…) (#​17963)
• Upgrade: Change casing of utilities with named values to kebab-case to match updated theme variables (#​18017)
• Upgrade: Don't migrate strings that match utility names in Vue attribute bindings other than class (#​18025)

v4.1.6

Compare Source

Added

• Upgrade: Automatically convert arbitrary values to named values when possible (e.g. h-[1lh] to h-lh) (#​17831, #​17854)
• Upgrade: Update dependencies in parallel for improved performance (#​17898)
• Add detailed logging about @source directives, discovered files and scanned files when using DEBUG=* (#​17906, #​17952)
• Add support for generating source maps in development (#​17775)

Fixed

• Ensure negative arbitrary scale values generate negative values (#​17831)
• Fix HAML extraction with embedded Ruby (#​17846)
• Don't scan files for utilities when using @reference (#​17836)
• Fix incorrectly replacing _ with in arbitrary modifier shorthand bg-red-500/(--my_opacity) (#​17889)
• Don't scan .log files for classes by default (#​17906)
• Ensure that custom utilities applying other custom utilities don't swallow nested @apply rules (#​17925)
• Download platform specific package if optionalDependencies are skipped (#​17929)

v4.1.5

Compare Source

Added

• Support using @tailwindcss/upgrade to upgrade between versions of v4.* (#​17717)
• Add h-lh / min-h-lh / max-h-lh utilities (#​17790)
• Transition display, visibility, content-visibility, overlay, and pointer-events when using transition to simplify @starting-style usage (#​17812)

Fixed

• Don't scan .geojson or .db files for classes by default (#​17700, #​17711)
• Hide default shadow suggestions when missing default shadow theme keys (#​17743)
• Replace _ with . in theme suggestions for @utility if surrounded by digits (#​17733)
• Skip color-mix(…) when opacity is 100% (#​17815)
• PostCSS: Ensure that errors in imported stylesheets are recoverable (#​17754)
• Upgrade: Bump all Tailwind CSS related dependencies during upgrade (#​17763)
• Upgrade: Don't add - to variants starting with @ (#​17814)
• Upgrade: Don't format stylesheets that didn't change when upgrading (#​17824)

v4.1.4

Compare Source

Added

• Add experimental @tailwindcss/oxide-wasm32-wasi target for running Tailwind in browser environments like StackBlitz (#​17558)

Fixed

• Ensure color-mix(…) polyfills do not cause used CSS variables to be removed (#​17555)
• Ensure color-mix(…) polyfills create fallbacks for theme variables that reference other theme variables (#​17562)
• Fix brace expansion in declining ranges like {10..0..5} and {0..10..-5} (#​17591)
• Work around a Chrome rendering bug when using the skew-* utilities (#​17627)
• Ensure container query variant names can contain hyphens (#​17628)
• Ensure shadow-inherit, inset-shadow-inherit, drop-shadow-inherit, and text-shadow-inherit inherit the shadow color (#​17647)
• Ensure compatibility with array tuples used in fontSize JS theme keys (#​17630)
• Ensure folders with binary file extensions in their names are scanned for utilities (#​17595)
• Upgrade: Convert fontSize array tuple syntax to CSS theme variables (#​17630)

v4.1.3

Compare Source

Fixed

• Show warning when using unsupported bare value data type in --value(…) (#​17464)
• PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#​17554)
• Ensure classes are detected in Ruby's %w syntax in Slim templates (#​17557)

v4.1.2

Compare Source

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#​17506)
• Support setting multiple inset shadows as arbitrary values (#​17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#​17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#​17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#​17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#​17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#​17511)
• Vite: Fix missing CSS file in Qwik setups (#​17533)

v4.1.1

Compare Source

Fixed

• Disable padding in @source inline(…) brace expansion (#​17491)
• Inject polyfills after @import and body-less @layer (#​17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#​17502)

v4.1.0

Compare Source

Added

• Add details-content variant (#​15319)
• Add inverted-colors variant (#​11693)
• Add noscript variant (#​11929, #​17431)
• Add items-baseline-last and self-baseline-last utilities (#​13888, #​17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#​16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#​16941)
• Add safe alignment utilities (#​14607)
• Add user-valid and user-invalid variants (#​12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#​12128)
• Add @source inline(…) and @source not inline(…) (#​17147)
• Add @source not "…" (#​17255)
• Add text-shadow-* utilities (#​17389)
• Add mask-* utilities (#​17134)
• Add bg-{position,size}-* utilities for arbitrary values (#​17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#​17398, #​17434)
• Add drop-shadow-<color> utilities (#​17434)
• Improve compatibility with older versions of Safari and Firefox (#​17435)

Fixed

• Follow symlinks when resolving @source directives (#​17391)
• Don't scan ignored files for classes when changing an ignored file triggers a rebuild using @tailwindcss/cli (#​17255)
• Support negated content rules in legacy JavaScript configuration (#​17255)
• Interpret syntax like @("@​")md:… as @md:… in Razor files (#​17427)
• Disallow top-level braces, top-level semicolons, and unbalanced parentheses and brackets in arbitrary values (#​17361)
• Ensure the --theme(…) function still resolves to the CSS variables when using legacy JS plugins (#​17458)
• Detect used theme variables in CSS module files (#​17433, #​17467)

Changed

• Ignore node_modules by default (can be overridden by @source … rules) (#​17255)
• @source rules that include file extensions or point inside node_modules/ folders no longer consider your .gitignore rules (#​17255)
• Deprecate bg-{left,right}-{top,bottom} in favor of bg-{top,bottom}-{left,right} utilities (#​17378)
• Deprecate object-{left,right}-{top,bottom} in favor of object-{top,bottom}-{left,right} utilities (#​17437)

v4.0.17

Compare Source

Fixed

• Fix an issue causing the CLI to hang when processing Ruby files (#​17383)

v4.0.16

Compare Source

Added

• Add support for literal values in --value('…') and --modifier('…') (#​17304)

Fixed

• Fix class extraction followed by ( in Pug (#​17320)
• Ensure @keyframes for theme animations are emitted if they are referenced following a comma (#​17352)
• Vite: Ensure that updates to an imported CSS file are properly propagated after updating source files (#​17347)
• Pre process Slim templates embedded in Ruby files (#​17336)
• Error when input and output files resolve to the same file when using the CLI (#​17311)
• Add missing suggestions when --spacing(--value(integer, number)) is used (#​17308)
• Add ::-webkit-details-marker pseudo to marker variant (#​17362)

v4.0.15

Compare Source

Fixed

• Fix incorrect angle in -bg-conic-* utilities (#​17174)
• Fix border-[12px_4px] being interpreted as a border-color instead of a border-width (#​17248)
• Work around a crash in Safari 16.4 and 16.5 when using the default Preflight styles (#​17306)
• Pre-process <template lang="…"> in Vue files (#​17252)
• Ensure that all CSS variables used by Preflight are prefixed (#​17036)
• Prevent segfault when loaded in a worker thread on Linux (#​17276)
• Ensure multiple --value(…) or --modifier(…) calls don't delete subsequent declarations (#​17273)
• Fix class extraction followed by ( in Slim (#​17278)
• Export PluginUtils from tailwindcss/plugin for compatibility with v3 (#​17299)
• Remove redundant line-height: initial from Preflight (#​15212)
• Increase Standalone hardware compatibility on macOS x64 builds (#​17267)
• Ensure that the CSS file rebuilds if a new CSS variable is used from templates (#​17301)

Changed

• The --theme(…) function now returns CSS variables from your theme variables unless used inside positions where CSS variables are invalid (e.g. inside @media queries) (#​17036)

v4.0.14

Compare Source

Fixed

• Do not extract candidates with JS string interpolation ${ (#​17142)
• Fix extraction of variants containing . character (#​17153)
• Fix extracting candidates in Clojure/ClojureScript (#​17087)

v4.0.13

Compare Source

Fixed

• Fix Haml pre-processing (#​17051)
• Ensure .node and .wasm files are not scanned for utilities (#​17123)
• Improve performance when scanning JSON files (#​17125)
• Fix extracting candidates containing dots in Haml, Pug, and Slim pre processors (#​17094, #​17085, #​17113)
• Don't create invalid CSS when encountering a link wrapped in square brackets (#​17129)

v4.0.12

Compare Source

Fixed

• Vite: Fix url(…) rebasing in transitively imported CSS files (#​16965)
• PostCSS: Rebase url(…)s in imported CSS files (#​16965)
• Ensure utilities are sorted based on their actual property order (#​16995)
• Ensure strings in Pug and Slim templates are handled correctly (#​17000)
• Ensure classes between } and { are properly extracted (#​17001)
• Fix razor/cshtml pre-processing (#​17027)
• Ensure extracting candidates from JS embedded in a PHP string works as expected (#​17031)

v4.0.11

Compare Source

Fixed

• Ensure classes containing -- are extracted correctly (#​16972)
• Ensure classes containing numbers followed by dash or underscore are extracted correctly (#​16980)
• Ensure arbitrary container queries are extracted correctly (#​16984)
• Ensure classes ending in [ are extracted in Slim templating language (#​16985)
• Ensure arbitrary variables with data types are extracted correctly (#​16986)

v4.0.10

Compare Source

Added

• Add col-<number> and row-<number> utilities for grid-column and grid-row (#​15183)

Fixed

• Ensure not-* does not remove :is(…) from variants (#​16825)
• Ensure @keyframes are correctly emitted when using a prefix (#​16850)
• Don't swallow @utility declarations when @apply is used in nested rules (#​16940)
• Ensure outline-hidden behaves like outline-none outside of forced colors mode (#​16943)
• Allow !important on CSS variables again (#​16873)
• Vite: Do not crash when encountering an .svg file with # or ? in the filename (#​16957)
• Ensure utilities are properly detected within square brackets (#​16306)
• Ensure utilities are properly detected using Angular's conditional class binding syntax (#​16306)
• Ensure utilities starting with numbers are properly extracted from Slim templates (#​16306)
• Discard arbitrary property candidates that have guaranteed-invalid property names (#​16306)

Changed

• Removed max-w-auto and max-h-auto utilities as they generate invalid CSS (#​16917)
• Replaced the existing candidate extractor with a brand new extractor to improve maintainability, correctness, and performance (#​16306)

v4.0.9

Compare Source

Fixed

• Make JS APIs available to plugins and configs in the Standalone CLI (#​15934)
• Vite: Don't crash when importing a virtual module from JavaScript that ends in .css (#​16780)
• Fix an issue where @reference "…" would sometimes omit keyframe animations (#​16774)
• Ensure z-*! utilities are properly marked as !important (#​16795)
• Read UTF-8 CSS files that start with a byte-order mark (BOM) (#​16796)
• Ensure nested functions in selectors used with JavaScript plugins are not truncated (#​16802)

Changed

• Emit variable fallbacks when using @reference "…" instead of duplicate CSS variable declarations (#​16774)

v4.0.8

Compare Source

Added

• Allow @import with theme(…) options for stylesheets that contain more than just @theme rules (#​16514)

Fixed

• Don't add !important to CSS variable declarations when using the important modifier (#​16668)
• Vite: Ignore files and directories specified in your .gitignore file when using automatic source detection(#​16631)
• Vite: Don't rely on the module graph for detecting candidates to ensure setups with multiple Vite builds work as expected (#​16631)
• Vite: Ensure Astro production builds always contain classes used in client-only components (#​16631)
• Vite: Always scan raw file contents for utility classes before any other transforms have been applied to ensure utility classes are scanned without any additional escaping (#​16631)
• Ensure utilities with more declarations are always sorted before utilities with fewer declarations when utilities only define CSS variables (#​16715)
• Only include translate-z-px utilities once in compiled CSS (#​16718)

Changed

• Don't include theme variables that aren't used in compiled CSS (#​16211, #​16676)

v4.0.7

Compare Source

Fixed

• Export tailwindcss/lib/util/flattenColorPalette.js for backward compatibility (#​16411)
• Fix sorting of numeric utility suggestions when they have different magnitudes (#​16414)
• Show suggestions for fractions in IntelliSense (#​16353)
• Don’t replace _ in suggested theme keys (#​16433)
• Ensure --default-outline-width can be used to change the outline-width value of the outline utility (#​16469)
• Ensure drop shadow utilities don't inherit unexpectedly (#​16471)
• Export config and plugin types from tailwindcss/plugin for backward compatibility (#​16505)
• Ensure JavaScript plugins that emit nested rules referencing the utility name work as expected (#​16539)
• Statically link Visual Studio redistributables in @tailwindcss/oxide Windows builds (#​16602)
• Ensure that Next.js splat routes are scanned for classes (#​16457)
• Pin exact version of tailwindcss in @tailwindcss/* packages (#​16623)
• Upgrade: Report errors when updating dependencies (#​16504)
• Upgrade: Ensure a darkMode JS config setting with block syntax converts to use @slot (#​16507)
• Upgrade: Ensure the latest version of tailwindcss and @tailwindcss/postcss are installed when upgrading (#​16620)

v4.0.6

Compare Source

Fixed

• Revert change to no longer include theme variables that aren't used in compiled CSS (#​16403)
• Upgrade: Don't migrate blur to blur-sm when used with Next.js <Image placeholder="blur" /> (#​16405)

v4.0.5

Compare Source

Added

• Add @theme static option for always including theme variables in compiled CSS (#​16211)

Fixed

• Remove rogue console.log from @tailwindcss/vite (#​16307)

Changed

• Don't include theme variables that aren't used in compiled CSS (#​16211)

v4.0.4

Compare Source

Fixed

• Fix a crash when setting JS theme values to null (#​16210)
• Ensure escaped underscores in CSS variables in arbitrary values are properly unescaped (#​16206)
• Ensure that the containers JS theme key is added to the --container-* namespace (#​16169)
• Ensure theme @keyframes are generated even if an --animation-* variable spans multiple lines (#​16237)
• Vite: Skip parsing stylesheets with the ?commonjs-proxy flag (#​16238)
• Fix order-first and order-last for Firefox (#​16266)
• Fix support for older instruction sets on Linux x64 builds of the standalone CLI (#​16244)
• Ensure NODE_PATH is respected when resolving JavaScript and CSS files (#​16274)
• Ensure Node addons are packaged correctly with FreeBSD builds (#​16277)
• Fix an issue where @variant inside a referenced stylesheet could cause a stack overflow (#​16300)

v4.0.3

Compare Source

Fixed

• Fix incorrect removal of @import url(); (#​16144)

v4.0.2

Compare Source

Fixed

• Only generate positive grid-cols-* and grid-rows-* utilities (#​16020)
• Ensure escaped theme variables are handled correctly (#​16064)
• Ensure we process Tailwind CSS features when only using @reference or @variant (#​16057)
• Refactor gradient implementation to work around prettier/prettier#17058 (#​16072)
• Vite: Ensure hot-reloading works with SolidStart setups (#​16052)
• Vite: Fix a crash when starting the development server in SolidStart setups (#​16052)
• Vite: Don't rebase URLs that appear to be aliases (#​16078)
• Vite: Transform <style> blocks in HTML files (#​16069)
• Prevent camel-casing CSS custom properties added by JavaScript plugins (#​16103)
• Do not emit @keyframes in @theme reference (#​16120)
• Discard invalid declarations when parsing CSS (#​16093)
• Do not emit empty CSS rules and at-rules (#​16121)
• Handle @variant when at the top-level of a stylesheet (#​16129)

v4.0.1

Compare Source

Fixed

• Fix an issue causing the CLI to hang when processing Ruby files (#​17383)

v4.0.0

Compare Source

Added

• New high-performance engine — where full builds are up to 5x faster, and incremental builds are over 100x faster — and measured in microseconds.
• Designed for the modern web — built on cutting-edge CSS features like cascade layers, registered custom properties with @property, and color-mix().
• Simplified installation — fewer dependencies, zero configuration, and just a single line of code in your CSS file.
• First-party Vite plugin — tight integration for maximum performance and minimum configuration.
• Automatic content detection — all of your template files are discovered automatically, with no configuration required.
• Built-in import support — no additional tooling necessary to bundle multiple CSS files.
• CSS-first configuration — a reimagined developer experience where you customize and extend the framework directly in CSS instead of a JavaScript configuration file.
• CSS theme variables — all of your design tokens exposed as native CSS variables so you can access them anywhere.
• Dynamic utility values and variants — stop guessing what values exist in your spacing scale, or extending your configuration for things like basic data attributes.
• Modernized P3 color palette — a redesigned, more vivid color palette that takes full advantage of modern display technology.
• Container queries — first-class APIs for styling elements based on their container size, no plugins required.
• New 3D transform utilities — transform elements in 3D space directly in your HTML.
• Expanded gradient APIs — radial and conic gradients, interpolation modes, and more.
• @​starting-style support — a new variant you can use to create enter and exit transitions, without the need for JavaScript.
• not-* variant — style an element only when it doesn't match another variant, custom selector, or media or feature query.
• Even more new utilities and variants — including support for color-scheme, field-sizing, complex shadows, inert, and more.

Start using Tailwind CSS v4.0 today by installing it in a new project, or playing with it directly in the browser on Tailwind Play.

For existing projects, we've published a comprehensive upgrade guide and built an automated upgrade tool to get you on the latest version as quickly and painlessly as possible.

For a deep-dive into everything that's new, check out the announcement post.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[CoveMB]

Can't be merged as is

(plugin styles) Error: Package subpath './nesting' is not defined by "exports" in /opt/build/repo/node_modules/tailwindcss/package.json

Migration guide https://gist.github.com/takunagai/148b5a564f1e75a9f44f6bd314b55801

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		[email protected] has a Low CVE. CVE: GHSA-pxg6-pf52-xh8x cookie accepts cookie name, path, and domain with out of bounds characters (LOW) Affected versions: < 0.7.0 Patched version: 0.7.0 From: ? → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a mild CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known low severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] is a AI-detected potential code anomaly. Notes: The code appears to be a WebAssembly (WASM) module implementing HTTP parsing functionality. The code contains suspicious elements such as ability to handle HTTP headers, message bodies, and chunk extensions. While it may be legitimate parser code, the obfuscated nature and presence of low-level binary operations warrants careful review due to potential for misuse in HTTP request/response manipulation or header injection attacks. Confidence: 1.00 Severity: 0.60 From: ? → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jszip@​3.10.1
	solidity-ast@​0.4.60
	rimraf@​5.0.10
	hardhat@​2.25.0
	@​openzeppelin/​contracts-upgradeable@​5.3.0
	@​openzeppelin/​contracts@​5.3.0

View full report