Skip to content

Update @tailwindcss/postcss 4.1.18 → 4.2.1 (minor)#562

Open
depfu[bot] wants to merge 1 commit intomainfrom
depfu/update/npm/@tailwindcss/postcss-4.2.1
Open

Update @tailwindcss/postcss 4.1.18 → 4.2.1 (minor)#562
depfu[bot] wants to merge 1 commit intomainfrom
depfu/update/npm/@tailwindcss/postcss-4.2.1

Conversation

@depfu
Copy link
Contributor

@depfu depfu bot commented Feb 24, 2026
edited
Loading

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ @​tailwindcss/postcss (4.1.18 → 4.2.1)

Sorry, we couldn't find anything useful about this release.

↗️ @​emnapi/core (indirect, 1.7.1 → 1.8.1) · Repo

Release Notes

1.8.1

What's Changed

Full Changelog: v1.8.0...v1.8.1

1.8.0

What's Changed

Full Changelog: v1.7.1...v1.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

↗️ @​emnapi/runtime (indirect, 1.7.1 → 1.8.1) · Repo

Release Notes

1.8.1

What's Changed

Full Changelog: v1.8.0...v1.8.1

1.8.0

What's Changed

Full Changelog: v1.7.1...v1.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

↗️ @​napi-rs/wasm-runtime (indirect, 1.1.0 → 1.1.1) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ enhanced-resolve (indirect, 5.18.4 → 5.20.0) · Repo

Release Notes

5.20.0

Features

  • Added the baseUrl option to override the tsconfig.json's baseUrl
  • Enabled trailing commas support for JSONC

Fixes

  • Detect circular extends to prevent infinite loop in tsconfig.json
  • Support JSONC comments in tsconfig.json

5.19.0

Features

  • Added TsconfigPathsPlugin (replacement for tsconfig-paths-webpack-plugin) .

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 11 commits:

↗️ lightningcss (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-darwin-arm64 (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-darwin-x64 (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-linux-arm64-gnu (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-linux-arm64-musl (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-linux-x64-gnu (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-linux-x64-musl (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ lightningcss-win32-x64-msvc (indirect, 1.30.2 → 1.31.1) · Repo

Release Notes

1.31.0

Features

Fixes

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

🗑️ tailwindcss (removed)

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
@​depfu rebase
Rebases against your default branch and redoes this update
@​depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@​depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@​depfu cancel merge
Cancels automatic merging of this PR
@​depfu close
Closes this PR and deletes the branch
@​depfu reopen
Restores the branch and reopens this PR (if it's closed)
@​depfu pause
Ignores all future updates for this dependency and closes this PR
@​depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@​depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

@depfu depfu bot added the depfu label Feb 24, 2026
@code-genius-code-coverage
Copy link

code-genius-code-coverage bot commented Feb 24, 2026

The files' contents are under analysis for test generation.

@github-actions github-actions bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Feb 24, 2026
@socket-security
Copy link

socket-security bot commented Feb 24, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​tailwindcss/​postcss@​4.1.18 ⏵ 4.2.1100 +110010098100

View full report

@socket-security
Copy link

socket-security bot commented Feb 24, 2026
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Low
Dynamic module loading: npm lightningcss

Location: Package overview

From: package-lock.jsonnpm/vite@7.3.1npm/@tailwindcss/postcss@4.2.1npm/lightningcss@1.31.1

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lightningcss@1.31.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@deepsource-io
Copy link

deepsource-io bot commented Feb 24, 2026
edited
Loading

DeepSource Code Review

We reviewed changes in 6bc43f9...701ace7 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Coverage  

Code Review Summary

Analyzer Status Updated (UTC) Details
Test coverage Mar 4, 2026 1:40p.m. Review ↗
Secrets Mar 4, 2026 1:40p.m. Review ↗
JavaScript Mar 4, 2026 1:40p.m. Review ↗

Code Coverage Summary

Language Line Coverage (Overall)
Aggregate
93.8%
Javascript
93.8%

➟ Additional coverage metrics may have been reported. See full coverage report ↗

@guibranco guibranco enabled auto-merge (squash) February 24, 2026 14:32
@gstraccini gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Feb 24, 2026
guibranco
guibranco approved these changes Feb 24, 2026
View reviewed changes
Copy link
Member

@guibranco guibranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@gstraccini gstraccini bot added the 🤖 bot Automated processes or integrations label Feb 24, 2026
@depfu depfu bot mentioned this pull request Feb 24, 2026
Closed
@guibranco
Copy link
Member

guibranco commented Feb 24, 2026

@depfu merge

@guibranco
Copy link
Member

guibranco commented Mar 4, 2026

@depfu recreate

@depfu depfu bot force-pushed the depfu/update/npm/@tailwindcss/postcss-4.2.1 branch from 8446109 to 701ace7 Compare March 4, 2026 13:39
@github-actions
Copy link

github-actions bot commented Mar 4, 2026

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs 
2026-03-04T13:40:36Z INF scanning for exposed secrets...
1:40PM INF 470 commits scanned.
2026-03-04T13:40:36Z INF scan completed in 369ms
2026-03-04T13:40:36Z INF no leaks found

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guibranco guibranco guibranco approved these changes

@gstraccini gstraccini[bot] gstraccini[bot] approved these changes

Assignees

@guibranco guibranco

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations depfu size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guibranco