Skip to content

chore(deps-dev): bump tailwindcss from 4.2.2 to 4.2.4#164

Open
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/npm_and_yarn/development/tailwindcss-4.2.4
Open

chore(deps-dev): bump tailwindcss from 4.2.2 to 4.2.4#164
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/npm_and_yarn/development/tailwindcss-4.2.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026

Bumps tailwindcss from 4.2.2 to 4.2.4.

Release notes

Sourced from tailwindcss's releases.

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Changelog

Sourced from tailwindcss's changelog.

[4.2.4] - 2026-04-21

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump tailwindcss from 4.2.2 to 4.2.4
49e2ccb 
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) from 4.2.2 to 4.2.4.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/tailwindcss)

---
updated-dependencies:
- dependency-name: tailwindcss
  dependency-version: 4.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 21, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 21, 2026

Knip Code Analysis

Found 8 total issues

Category Count
Unused Dependencies 1
Unused Dev Dependencies 3
Unused Exports 4
View details

Run pnpm knip locally to see the full report.

Use pnpm knip:filter pattern to filter results by file path.

Use /** @public */ JSDoc tags to mark intentionally exported symbols.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 21, 2026

✅ Security audit passed

Passed (38/38)

  • ✅ Auth enforcement on protected routes (per-handler)
  • ✅ No dangerous functions (eval, innerHTML, etc.)
  • ✅ No hardcoded secrets in source
  • ✅ Security headers in next.config.ts
  • ✅ Cookie security (httpOnly, sameSite, secure)
  • ✅ No sensitive fields in API responses
  • ✅ No .env files committed to repo
  • ✅ No raw SQL in API routes
  • ✅ No fetch/redirect with unvalidated URLs in routes
  • ✅ Timing-safe comparison for secret values
  • ✅ No raw SQL migration files (schema-first only)
  • ✅ External fetch calls have timeouts
  • ✅ Docker container runs as non-root user
  • ✅ Public routes match proxy allowlist
  • ✅ File delete operations have path traversal defense
  • ✅ Password hashing uses Argon2 (not SHA-256/bcrypt)
  • ✅ Encrypted columns written via encrypt()
  • ✅ TOTP 2FA flow integrity
  • ✅ Emergency lockdown flow integrity
  • ✅ Scrub & delete (nuke) flow integrity
  • ✅ Backup restore flow integrity
  • ✅ Login flow integrity
  • ✅ Auth result checked before proceeding
  • ✅ Backup password inputs bounded before key derivation
  • ✅ Webhook delivery fetch uses redirect: "error"
  • ✅ SESSION_SECRET minimum-length guard in auth/crypto modules
  • ✅ Notification URL validators include SSRF protection
  • ✅ Dockerfile does not COPY sensitive files
  • ✅ No secret env vars in client components
  • ✅ Adapter Cookie headers guard against injection
  • ✅ Adapter files do not log credential values
  • ✅ No console.log in API routes
  • ✅ No TODO/FIXME in security-critical files
  • ✅ JSON.parse wrapped in try-catch
  • ✅ No swallowed errors in catch blocks
  • ✅ Request body size validation on upload routes
  • ✅ BigInt fields use string serialization
  • ✅ No raw error messages in API responses

Summary: 38/38 checks passed

See scripts/security-audit.ts for check definitions and SECURITY.md for the full security architecture.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants