chore(deps): update dependency tailwindcss to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
tailwindcss (source)	^2.0.1 -> ^3.4.15

---

Release Notes

tailwindlabs/tailwindcss (tailwindcss)

v3.4.15

Compare Source

• Bump versions for security vulnerabilities (#​14697)
• Ensure the TypeScript types for the boxShadow theme configuration allows arrays (#​14856)
• Set fallback for opacity variables to ensure setting colors with the selection:* variant works in Chrome 131 (#​15003)

v3.4.14

Compare Source

Fixed

• Don't set display: none on elements that use hidden="until-found" (#​14625)

v3.4.13

Compare Source

Fixed

• Improve source glob verification performance (#​14481)

v3.4.12

Compare Source

v3.4.11

Compare Source

v3.4.10

Compare Source

v3.4.9

Compare Source

Fixed

• No longer warns when broad glob patterns are detecting vendor folders

v3.4.8

Compare Source

v3.4.7

Compare Source

v3.4.6

Compare Source

Fixed

• Fix detection of some utilities in Slim/Pug templates (#​14006)

Changed

• Loosen :is() wrapping rules when using an important selector (#​13900)

v3.4.5

Compare Source

v3.4.4

Compare Source

Fixed

• Make it possible to use multiple <alpha-value> placeholders in a single color definition (#​13740)
• Don't prefix classes in arbitrary values of has-*, group-has-*, and peer-has-* variants (#​13770)
• Support negative values for {col,row}-{start,end} utilities (#​13781)
• Update embedded browserslist database (#​13792)

v3.4.3

Compare Source

v3.4.2

Compare Source

Fixed

• Ensure max specificity of 0,0,1 for button and input Preflight rules (#​12735)
• Improve glob handling for folders with (, ), [ or ] in the file path (#​12715)
• Split :has rules when using experimental.optimizeUniversalDefaults (#​12736)
• Sort arbitrary properties alphabetically across multiple class lists (#​12911)
• Add mix-blend-plus-darker utility (#​12923)
• Ensure dashes are allowed in variant modifiers (#​13303)
• Fix crash showing completions in Intellisense when using a custom separator (#​13306)
• Transpile import.meta.url in config files (#​13322)
• Reset letter spacing for form elements (#​13150)
• Fix missing xx-large and remove double x-large absolute size (#​13324)
• Don't error when encountering nested CSS unless trying to @apply a class that uses nesting (#​13325)
• Ensure that arbitrary properties respect important configuration (#​13353)
• Change dark mode selector so @apply works correctly with pseudo elements (#​13379)

v3.4.1

Compare Source

Fixed

• Don't remove keyframe stops when using important utilities (#​12639)
• Don't add spaces to gradients and grid track names when followed by calc() (#​12704)
• Restore old behavior for class dark mode strategy (#​12717)

Added

• Add new selector and variant strategies for dark mode (#​12717)

Changed

• Support rtl and ltr variants on same element as dir attribute (#​12717)

v3.4.0

Compare Source

Added

• Add svh, lvh, and dvh values to default height/min-height/max-height theme (#​11317)
• Add has-* variants for :has(...) pseudo-class (#​11318)
• Add text-wrap utilities including text-balance and text-pretty (#​11320, #​12031)
• Extend default opacity scale to include all steps of 5 (#​11832)
• Update Preflight html styles to include shadow DOM :host pseudo-class (#​11200)
• Increase default values for grid-rows-* utilities from 1–6 to 1–12 (#​12180)
• Add size-* utilities (#​12287)
• Add utilities for CSS subgrid (#​12298)
• Add spacing scale to min-w-*, min-h-*, and max-w-* utilities (#​12300)
• Add forced-color-adjust utilities (#​11931)
• Add forced-colors variant (#​11694, #​12582)
• Add appearance-auto utility (#​12404)
• Add logical property values for float and clear utilities (#​12480)
• Add * variant for targeting direct children (#​12551)

Changed

• Simplify the sans font-family stack (#​11748)
• Disable the tap highlight overlay on iOS (#​12299)
• Improve relative precedence of rtl, ltr, forced-colors, and dark variants (#​12584)

v3.3.7

Compare Source

Fixed

• Fix support for container query utilities with arbitrary values (#​12534)
• Fix custom config loading in Standalone CLI (#​12616)

v3.3.6

Compare Source

Fixed

• Improve types for resolveConfig (#​12272)
• Don’t add spaces to negative numbers following a comma (#​12324)
• Don't emit @config in CSS when watching via the CLI (#​12327)
• Ensure configured font-feature-settings for mono are included in Preflight (#​12342)
• Improve candidate detection in minified JS arrays (without spaces) (#​12396)
• Don't crash when given applying a variant to a negated version of a simple utility (#​12514)
• Fix support for slashes in arbitrary modifiers (#​12515)
• Fix source maps of variant utilities that come from an @layer rule (#​12508)
• Fix loading of built-in plugins when using an ESM or TypeScript config with the Standalone CLI (#​12506)

v3.3.5

Compare Source

Fixed

• Fix incorrect spaces around - in calc() expression (#​12283)

v3.3.4

Compare Source

Fixed

• Improve normalisation of calc()-like functions (#​11686)
• Skip calc() normalisation in nested theme() calls (#​11705)
• Fix incorrectly generated CSS when using square brackets inside arbitrary properties (#​11709)
• Make content optional for presets in TypeScript types (#​11730)
• Handle variable colors that have variable fallback values (#​12049)
• Batch reading content files to prevent too many open files error (#​12079)
• Skip over classes inside :not(…) when nested in an at-rule (#​12105)
• Update types to work with Node16 module resolution (#​12097)
• Don’t crash when important and parent selectors are equal in @apply (#​12112)
• Eliminate irrelevant rules when applying variants (#​12113)
• Improve RegEx parser, reduce possibilities as the key for arbitrary properties (#​12121)
• Fix sorting of utilities that share multiple candidates (#​12173)
• Ensure variants with arbitrary values and a modifier are correctly matched in the RegEx based parser (#​12179)
• Fix crash when watching renamed files on FreeBSD (#​12193)
• Allow plugins from a parent document to be used in an iframe (#​12208)
• Add types for tailwindcss/nesting (#​12269)
• Bump jiti, fast-glob, and browserlist dependencies (#​11550)
• Improve automatic var injection for properties that accept a <dashed-ident> (#​12236)

v3.3.3

Compare Source

Fixed

• Fix issue where some pseudo-element variants generated the wrong selector (#​10943, #​10962, #​11111)
• Make font settings propagate into buttons, inputs, etc. (#​10940)
• Fix parsing of theme() inside calc() when there are no spaces around operators (#​11157)
• Ensure repeating-conic-gradient is detected as an image (#​11180)
• Move unknown pseudo-elements outside of :is by default (#​11345)
• Escape animation names when prefixes contain special characters (#​11470)
• Don't prefix arbitrary classes in group and peer variants (#​11454)
• Sort classes using position of first matching rule (#​11504)
• Allow variant to be an at-rule without a prelude (#​11589)
• Make PostCSS plugin async to improve performance (#​11548)
• Don’t error when a config file is missing (f97759f)

Added

• Add aria-busy utility (#​10966)

Changed

• Reset padding for <dialog> elements in preflight (#​11069)

v3.3.2

Compare Source

Fixed

• Don’t move unknown pseudo-elements to the end of selectors (#​10943, #​10962)
• Inherit gradient stop positions when using variants (#​11002)
• Honor default to position of gradient when using implicit transparent colors (#​11002)
• Ensure @tailwindcss/oxide doesn't leak in the stable engine (#​10988)
• Ensure multiple theme(spacing[5]) calls with bracket notation in arbitrary properties work (#​11039)
• Normalize arbitrary modifiers (#​11057)

Changed

• Drop support for Node.js v12 (#​11089)

v3.3.1

Compare Source

Fixed

• Fix edge case bug when loading a TypeScript config file with webpack (#​10898)
• Fix variant, @apply, and important selectors when using :is() or :has() with pseudo-elements (#​10903)
• Fix safelist config types (#​10901)
• Fix build errors caused by @tailwindcss/line-clamp warning (#​10915, #​10919)
• Fix "process is not defined" error (#​10919)

v3.3.0

Compare Source

Added

• Support ESM and TypeScript config files (#​10785)
• Extend default color palette with new 950 shades (#​10879)
• Add line-height modifier support to font-size utilities (#​9875)
• Add support for using variables as arbitrary values without var(...) (#​9880, #​9962)
• Add logical properties support for inline direction (#​10166)
• Add hyphens utilities (#​10071)
• Add from-{position}, via-{position} and to-{position} utilities (#​10886)
• Add list-style-image utilities (#​10817)
• Add caption-side utilities (#​10470)
• Add line-clamp utilities from @tailwindcss/line-clamp to core (#​10768, #​10876, #​10862)
• Add delay-0 and duration-0 utilities (#​10294)
• Add justify-normal and justify-stretch utilities (#​10560)
• Add content-normal and content-stretch utilities (#​10645)
• Add whitespace-break-spaces utility (#​10729)
• Add support for configuring default font-variation-settings for a font-family (#​10034, #​10515)

Fixed

• Disallow using multiple selectors in arbitrary variants (#​10655)
• Sort class lists deterministically for Prettier plugin (#​10672)
• Ensure CLI builds have a non-zero exit code on failure (#​10703)
• Ensure module dependencies for value null, is an empty Set (#​10877)
• Fix format assumption when resolving module dependencies (#​10878)

Changed

• Mark rtl and ltr variants as stable and remove warnings (#​10764)
• Use inset instead of top, right, bottom, and left properties (#​10765)
• Make dark and rtl/ltr variants insensitive to DOM order (#​10766)
• Use :is to make important selector option insensitive to DOM order (#​10835)

v3.2.7

Compare Source

Fixed

• Fix use of :where(.btn) when matching !btn (#​10601)
• Revert including outline-color in transition and transition-colors by default (#​10604)

v3.2.6

Compare Source

Fixed

• Fix installation failing with yarn and pnpm by dropping oxide-api-shim (add1636)

v3.2.5

Compare Source

Added

• Add standalone CLI build for 64-bit Windows on ARM (node16-win-arm64) (#​10001)

Fixed

• Cleanup unused variantOrder (#​9829)
• Fix foo-[abc]/[def] not being handled correctly (#​9866)
• Add container queries plugin to standalone CLI (#​9865)
• Support renaming of output files by PostCSS plugins in CLI (#​9944)
• Improve return value of resolveConfig, unwrap ResolvableTo (#​9972)
• Clip unbalanced brackets in arbitrary values (#​9973)
• Don’t reorder webkit scrollbar pseudo elements (#​9991)
• Deterministic sorting of arbitrary variants (#​10016)
• Add data key to theme types (#​10023)
• Prevent invalid arbitrary variant selectors from failing the build (#​10059)
• Properly handle subtraction followed by a variable (#​10074)
• Fix missing string[] in the theme.dropShadow types (#​10072)
• Update list of length units (#​10100)
• Fix not matching arbitrary properties when closely followed by square brackets (#​10212)
• Allow direct nesting in root or @layer nodes (#​10229)
• Don't prefix classes in arbitrary variants (#​10214)
• Fix perf regression when checking for changed content (#​10234)
• Fix missing blocklist member in the Config type (#​10239)
• Escape group names in selectors (#​10276)
• Consider earlier variants before sorting functions (#​10288)
• Allow variants with slashes (#​10336)
• Ensure generated CSS is always sorted in the same order for a given set of templates (#​10382)
• Handle variants when the same class appears multiple times in a selector (#​10397)
• Handle group/peer variants with quoted strings (#​10400)
• Parse alpha value from rgba/hsla colors when using variables (#​10429)
• Sort by layer inside variants layer (#​10505)
• Add --watch=always option to prevent exit when stdin closes (#​9966)

Changed

• Alphabetize theme keys in default config (#​9953)
• Update esbuild to v17 (#​10368)
• Include outline-color in transition and transition-colors utilities (#​10385)

v3.2.4

Compare Source

Added

• Add blocklist option to prevent generating unwanted CSS (#​9812)

Fixed

• Fix watching of files on Linux when renames are involved (#​9796)
• Make sure errors are always displayed when watching for changes (#​9810)

v3.2.3

Compare Source

Fixed

• Fixed use of raw content in the CLI (#​9773)
• Pick up changes from files that are both context and content deps (#​9787)
• Sort pseudo-elements ONLY after classes when using variants and @apply (#​9765)
• Support important utilities in the safelist (pattern must include a !) (#​9791)

v3.2.2

Compare Source

Fixed

• Escape special characters in resolved content base paths (#​9650)
• Don't reuse container for array returning variant functions (#​9644)
• Exclude non-relevant selectors when generating rules with the important modifier (#​9677)
• Fix merging of arrays during config resolution (#​9706)
• Ensure configured font-feature-settings are included in Preflight (#​9707)
• Fix fractional values not being parsed properly inside arbitrary properties (#​9705)
• Fix incorrect selectors when using @apply in selectors with combinators and pseudos (#​9722)
• Fix cannot read properties of undefined (reading 'modifier') (#​9656, aa979d6)

v3.2.1

Compare Source

Fixed

• Fix missing supports in types (#​9616)
• Fix missing PostCSS dependencies in the CLI (#​9617)
• Ensure micromatch is a proper CLI dependency (#​9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551d)

v3.2.0

Compare Source

Added

• Add new @config directive (#​9405)
• Add new relative: true option to resolve content paths relative to the config file (#​9396)
• Add new supports-* variant (#​9453)
• Add new min-* and max-* variants (#​9558)
• Add new aria-* variants (#​9557, #​9588)
• Add new data-* variants (#​9559, #​9588)
• Add new break-keep utility for word-break: keep-all (#​9393)
• Add new collapse utility for visibility: collapse (#​9181)
• Add new fill-none utility for fill: none (#​9403)
• Add new stroke-none utility for stroke: none (#​9403)
• Add new place-content-baseline utility for place-content: baseline (#​9498)
• Add new place-items-baseline utility for place-items: baseline (#​9507)
• Add new content-baseline utility for align-content: baseline (#​9507)
• Add support for configuring default font-feature-settings for a font family (#​9039)
• Add standalone CLI build for 32-bit Linux on ARM (node16-linux-armv7) (#​9084)
• Add future flag to disable color opacity utility plugins (#​9088)
• Add negative value support for outline-offset (#​9136)
• Add support for modifiers to matchUtilities (#​9541)
• Allow negating utilities using min/max/clamp (#​9237)
• Implement fallback plugins when there is ambiguity between plugins when using arbitrary values (#​9376)
• Support sort function in matchVariant (#​9423)
• Upgrade to postcss-nested v6.0 (#​9546)

Fixed

• Use absolute paths when resolving changed files for resilience against working directory changes (#​9032)
• Fix ring color utility generation when using respectDefaultRingColorOpacity (#​9070)
• Sort tags before classes when @apply-ing a selector with joined classes (#​9107)
• Remove invalid outline-hidden utility (#​9147)
• Honor the hidden attribute on elements in preflight (#​9174)
• Don't stop watching atomically renamed files (#​9173, #​9215)
• Fix duplicate utilities issue causing memory leaks (#​9208)
• Fix fontFamily config TypeScript types (#​9214)
• Handle variants on complex selector utilities (#​9262)
• Fix shared config mutation issue (#​9294)
• Fix ordering of parallel variants (#​9282)
• Handle variants in utility selectors using :where() and :has() (#​9309)
• Improve data type analysis for arbitrary values (#​9320)
• Don't emit generated utilities with invalid uses of theme functions (#​9319)
• Revert change that only listened for stdin close on TTYs (#​9331)
• Ignore unset values (like null or undefined) when resolving the classList for intellisense (#​9385)
• Improve type checking for formal syntax (#​9349, #​9448)
• Fix incorrect required content key in custom plugin configs (#​9502, #​9545)
• Fix content path detection on Windows (#​9569)
• Ensure --content is used in the CLI when passed (#​9587)

v3.1.8

Compare Source

Fixed

• Don’t prefix classes within reused arbitrary variants (#​8992)
• Fix usage of alpha values inside single-named colors that are functions (#​9008)
• Fix @apply of user utilities when negative and non-negative versions both exist (#​9027)

v3.1.7

Compare Source

Fixed

• Don't rewrite source maps for @layer rules (#​8971)

Added

• Added types for resolveConfig (#​8924)

v3.1.6

Compare Source

Fixed

• Fix usage on Node 12.x (b4e637e)
• Handle theme keys with slashes when using theme() in CSS (#​8831)

v3.1.5

Compare Source

Added

• Support configuring a default font-weight for each font size utility (#​8763)
• Add support for alpha values in safe list (#​8774)

Fixed

• Improve types to support fallback values in the CSS-in-JS syntax used in plugin APIs (#​8762)
• Support including tailwindcss and autoprefixer in postcss.config.js in standalone CLI (#​8769)
• Fix using special-characters as prefixes (#​8772)
• Don’t prefix classes used within arbitrary variants (#​8773)
• Add more explicit types for the default theme (#​8780)

v3.1.4

Compare Source

Fixed

• Provide default to <alpha-value> when using theme() (#​8652)
• Detect arbitrary variants with quotes (#​8687)
• Don’t add spaces around raw / that are preceded by numbers (#​8688)

v3.1.3

Compare Source

Fixed

• Fix extraction of multi-word utilities with arbitrary values and quotes (#​8604)
• Fix casing of import of corePluginList type definition (#​8587)
• Ignore PostCSS nodes returned by addVariant (#​8608)
• Fix missing spaces around arithmetic operators (#​8615)
• Detect alpha value in CSS theme() function when using quotes (#​8625)
• Fix "Maximum call stack size exceeded" bug (#​8636)
• Allow functions returning parallel variants to mutate the container (#​8622)
• Remove text opacity CSS variables from ::marker (#​8622)

v3.1.2

Compare Source

Fixed

• Ensure \ is a valid arbitrary variant token (#​8576)
• Enable postcss-import in the CLI by default in watch mode (#​8574, #​8580)

v3.1.1

Compare Source

Fixed

• Fix candidate extractor regression (#​8558)
• Split ::backdrop into separate defaults group (#​8567)
• Fix postcss plugin type (#​8564)
• Fix class detection in markdown code fences and slim templates (#​8569)

v3.1.0

Compare Source

Fixed

• Types: allow for arbitrary theme values (for 3rd party plugins) (#​7926)
• Don’t split vars with numbers in them inside arbitrary values (#​8091)
• Require matching prefix when detecting negatives (#​8121)
• Handle duplicate At Rules without children (#​8122)
• Allow arbitrary values with commas in @apply (#​8125)
• Fix intellisense for plugins with multiple @apply rules (#​8213)
• Improve type detection for arbitrary color values (#​8201)
• Support PostCSS config options in config file in CLI (#​8226)
• Remove default [hidden] style in preflight (#​8248)
• Only check selectors containing base apply candidates for circular dependencies (#​8222)
• Rewrite default class extractor (#​8204)
• Move important selector to the front when @apply-ing selector-modifying variants in custom utilities (#​8313)
• Error when registering an invalid custom variant (#​8345)
• Create tailwind.config.cjs file in ESM package when running init (#​8363)
• Fix matchVariant that use at-rules and placeholders (#​8392)
• Improve types of the tailwindcss/plugin (#​8400)
• Allow returning parallel variants from addVariant or matchVariant callback functions (#​8455)
• Try using local postcss installation first in the CLI (#​8270)
• Allow default ring color to be a function (#​7587)
• Don't inherit to value from parent gradients (#​8489)
• Remove process dependency from log functions (#​8530)
• Ensure we can use @import 'tailwindcss/...' without node_modules (#​8537)

Changed

• Only apply hover styles when supported (future) (#​8394)
• Respect default ring color opacity (future) (#​8448, 3f4005e)

Added

• Support PostCSS Document nodes (#​7291)
• Add text-start and text-end utilities (#​6656)
• Support customizing class name when using darkMode: 'class' (#​5800)
• Add --poll option to the CLI (#​7725)
• Add new border-spacing utilities (#​7102)
• Add enabled variant (#​7905)
• Add TypeScript types for the tailwind.config.js file (#​7891)
• Add backdrop variant (#​7924, #​8526)
• Add grid-flow-dense utility (#​8193)
• Add mix-blend-plus-lighter utility (#​8288)
• Add arbitrary variants (#​8299)
• Add experimental matchVariant API (#​8310, 34fd0fb8)
• Add prefers-contrast media query variants (#​8410)
• Add opacity support when referencing colors with theme function (#​8416)
• Add postcss-import support to the CLI (#​8437)
• Add optional variant (#​8486)
• Add <alpha-value> placeholder support for custom colors (#​8501)

v3.0.24

Compare Source

Fixed

• Prevent nesting plugin from breaking other plugins (#​7563)
• Recursively collapse adjacent rules (#​7565)
• Preserve source maps for generated CSS (#​7588)
• Split box shadows on top-level commas only (#​7479)
• Use local user CSS cache for @apply (#​7524)
• Invalidate context when main CSS changes (#​7626)
• Only add ! to selector class matching template candidate when using important modifier with multi-class selectors (#​7664)
• Correctly parse and prefix animation names with dots (#​7163)
• Fix extraction from template literal/function with array (#​7481)
• Don't output unparsable arbitrary values (#​7789)
• Fix generation of div:not(.foo) if .foo is never defined (#​7815)
• Allow for custom properties in rgb, rgba, hsl and hsla colors (#​7933)
• Remove autoprefixer as explicit peer-dependency to avoid invalid warnings in situations where it isn't actually needed (#​7949)
• Ensure the percentage data type is validated correctly (#​8015)
• Make sure font-weight is inherited by form controls in all browsers (#​8078)

Changed

• Replace chalk with picocolors (#​6039)
• Replace cosmiconfig with lilconfig (#​6039)
• Update cssnano to avoid removing empty variables when minifying (#​7818)

v3.0.23

Compare Source

Fixed

• Remove opacity variables from :visited pseudo class (#​7458)
• Support arbitrary values + calc + theme with quotes (#​7462)
• Don't duplicate layer output when scanning content with variants + wildcards (#​7478)
• Implement getClassOrder instead of sortClassList (#​7459)

v3.0.22

Compare Source

Fixed

• Temporarily move postcss to dependencies (#​7424)

v3.0.21

Compare Source

Fixed

• Move prettier plugin to dev dependencies (#​7418)

v3.0.20

Compare Source

Added

• Expose context.sortClassList(classes) (#​7412)

v3.0.19

Compare Source

Fixed

• Fix preflight border color fallback (#​7288)
• Correctly parse shadow lengths without a leading zero (#​7289)
• Don't crash when scanning extremely long class candidates (#​7331)
• Use less hacky fix for URLs detected as custom properties ([#​7275](https://redirect.github.com/tailwindlabs/tailwindcss/pull/72

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@isaacs/cliui@8.0.2	None	+6	171 kB	isaacs
npm/@jridgewell/gen-mapping@0.3.5	None	0	81.6 kB	jridgewell
npm/@jridgewell/resolve-uri@3.1.2	None	0	53.2 kB	jridgewell
npm/@jridgewell/set-array@1.2.1	None	0	17.9 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.5.0	None	0	113 kB	jridgewell
npm/@jridgewell/trace-mapping@0.3.25	None	0	169 kB	jridgewell
npm/@pkgjs/parseargs@0.11.0	None	0	74.2 kB	oss-bot
npm/any-promise@1.3.0	None	0	22.2 kB	kevinbeaty
npm/arg@5.0.2	None	0	13.7 kB	leerobinson
npm/eastasianwidth@0.2.0	None	0	13.6 kB	komagata
npm/foreground-child@3.3.0	shell	+1	146 kB	isaacs
npm/hasown@2.0.2	None	+1	40.2 kB	ljharb
npm/jackspeak@3.4.3	environment	0	297 kB	isaacs
npm/jiti@1.21.6	environment, filesystem, unsafe	0	1.95 MB	pi0
npm/minipass@7.1.2	None	0	286 kB	isaacs
npm/mz@2.7.0	filesystem, network, shell	0	9.77 kB	jongleberry

🚮 Removed packages: npm/acorn-node@1.8.2, npm/acorn-walk@7.2.0, npm/arg@5.0.1, npm/color-string@1.9.0, npm/color@4.1.0, npm/css-color-names@0.0.4, npm/css-unit-converter@1.1.2, npm/defined@1.0.0, npm/detective@5.2.0, npm/fsevents@2.3.2, npm/hex-color-regex@1.1.0, npm/hsl-regex@1.0.0, npm/hsla-regex@1.0.0, npm/html-tags@3.1.0, npm/is-color-stop@1.1.0, npm/lodash.topath@4.5.2, npm/modern-normalize@1.1.0, npm/nth-check@2.0.1, npm/num2fraction@1.2.2, npm/object-hash@2.2.0, npm/object-inspect@1.12.0, npm/object-is@1.1.5, npm/object-keys@1.1.1, npm/object.assign@4.1.2, npm/object.entries@1.1.5, npm/object.fromentries@2.0.5, npm/object.getownpropertydescriptors@2.1.3, npm/object.hasown@1.1.0, npm/object.values@1.1.5, npm/onetime@5.1.2, npm/optionator@0.9.1, npm/os-browserify@0.3.0, npm/p-each-series@2.2.0, npm/p-filter@2.1.0, npm/p-finally@1.0.0, npm/p-is-promise@3.0.0, npm/p-limit@1.3.0, npm/p-locate@2.0.0, npm/p-queue@6.6.2, npm/p-reduce@2.1.0, npm/p-retry@4.6.1, npm/p-timeout@3.2.0, npm/p-try@1.0.0, npm/pako@1.0.11, npm/parent-module@1.0.1, npm/parse-asn1@5.1.6, npm/parse-author@2.0.0, npm/parse-json@5.2.0, npm/path-browserify@1.0.1, npm/path-exists@3.0.0, npm/path-key@3.1.1, npm/path-parse@1.0.7, npm/path-type@4.0.0, npm/pbkdf2@3.1.2, npm/picocolors@1.0.0, npm/picomatch@2.3.0, npm/pify@5.0.0, npm/pkg-conf@2.1.0, npm/platform@1.3.6, npm/please-upgrade-node@3.2.0, npm/pnp-webpack-plugin@1.6.4, npm/postcss-attribute-case-insensitive@4.0.2, npm/postcss-calc@8.0.0, npm/postcss-cli@8.3.1, npm/postcss-color-functional-notation@2.0.1, npm/postcss-color-gray@5.0.0, npm/postcss-color-hex-alpha@5.0.3, npm/postcss-color-mod-function@3.0.3, npm/postcss-color-rebeccapurple@4.0.1, npm/postcss-colormin@5.2.2, npm/postcss-convert-values@5.0.2, npm/postcss-custom-media@7.0.8, npm/postcss-custom-properties-fallback@1.0.1, npm/postcss-custom-properties@8.0.11, npm/postcss-custom-selectors@5.1.2, npm/postcss-dir-pseudo-class@5.0.0, npm/postcss-discard-comments@5.0.1, npm/postcss-discard-duplicates@5.0.1, npm/postcss-discard-empty@5.0.1, npm/postcss-discard-overridden@5.0.1, npm/postcss-double-position-gradients@1.0.0, npm/postcss-env-function@2.0.2, npm/postcss-focus-visible@4.0.0, npm/postcss-focus-within@3.0.0, npm/postcss-font-variant@4.0.1, npm/postcss-gap-properties@2.0.0, npm/postcss-image-set-function@3.0.1, npm/postcss-import-svg@1.0.5, npm/postcss-initial@3.0.4, npm/postcss-js@3.0.3, npm/postcss-lab-function@2.0.1, npm/postcss-load-config@3.1.0, npm/postcss-logical@3.0.0, npm/postcss-media-minmax@4.0.0, npm/postcss-merge-longhand@5.0.4, npm/postcss-merge-rules@5.0.3, npm/postcss-minify-font-values@5.0.1, npm/postcss-minify-gradients@5.0.3, npm/postcss-minify-params@5.0.2, npm/postcss-minify-selectors@5.1.0, npm/postcss-modules-extract-imports@3.0.0, npm/postcss-modules-local-by-default@4.0.0, npm/postcss-modules-scope@3.0.0, npm/postcss-modules-values@4.0.0, npm/postcss-modules@4.3.0, npm/postcss-nested@5.0.6, npm/postcss-nesting@7.0.1, npm/postcss-normalize-charset@5.0.1, npm/postcss-normalize-display-values@5.0.1, npm/postcss-normalize-positions@5.0.1, npm/postcss-normalize-repeat-style@5.0.1, npm/postcss-normalize-string@5.0.1, npm/postcss-normalize-timing-functions@5.0.1, npm/postcss-normalize-unicode@5.0.1, npm/postcss-normalize-url@5.0.4, npm/postcss-normalize-whitespace@5.0.1, npm/postcss-ordered-values@5.0.2, npm/postcss-overflow-shorthand@2.0.0, npm/postcss-page-break@2.0.0, npm/postcss-place@4.0.1, npm/postcss-preset-env@6.7.0, npm/postcss-pseudo-class-any-link@6.0.0, npm/postcss-reduce-initial@5.0.2, npm/postcss-reduce-transforms@5.0.1, npm/postcss-replace-overflow-wrap@3.0.0, npm/postcss-reporter@7.0.5, npm/postcss-selector-matches@4.0.0, npm/postcss-selector-not@4.0.1, npm/postcss-selector-parser@6.0.8, npm/postcss-svgo@5.0.3, npm/postcss-unique-selectors@5.0.2, npm/postcss-value-parser@4.2.0, npm/postcss-values-parser@4.0.0, npm/postcss@8.4.5, npm/prelude-ls@1.2.1, npm/prettier-package-json@2.6.0, npm/prettier@2.5.1, npm/pretty-bytes@5.6.0, npm/pretty-hrtime@1.0.3, npm/process-nextick-args@2.0.1, npm/process@0.11.10, npm/progress@2.0.3, npm/promise.series@0.2.0, npm/prop-types@15.8.0, npm/public-encrypt@4.0.3, npm/pump@3.0.0, npm/purgecss@4.1.3, npm/q@1.5.1, npm/querystring-es3@0.2.1, npm/querystring@0.2.1, npm/queue-microtask@1.2.3, npm/quick-lru@4.0.1, npm/raf@3.4.1, npm/randombytes@2.1.0, npm/randomfill@1.0.4, npm/raw-body@2.4.1, npm/rc@1.2.8, npm/react-dom@17.0.2, npm/react-is@16.13.1, npm/react-refresh@0.8.3, npm/react-spring@8.0.27, npm/react-use-gesture@8.0.1, npm/react@17.0.2, npm/read-cache@1.0.0, npm/read-pkg-up@7.0.1, npm/read-pkg@5.2.0, npm/readable-stream@3.6.0, npm/readdirp@3.5.0, npm/redent@3.0.0, npm/redeyed@2.1.1, npm/reduce-css-calc@2.1.8, npm/regenerate-unicode-properties@9.0.0, npm/regenerate@1.4.2, npm/regenerator-runtime@0.13.9, npm/regenerator-transform@0.14.5, npm/regexp.prototype.flags@1.3.1, npm/regexpp@3.2.0, npm/regexpu-core@4.8.0, npm/registry-auth-token@4.2.1, npm/regjsgen@0.5.2, npm/regjsparser@0.7.0, npm/require-directory@2.1.1, npm/require-from-string@2.0.2, npm/resolve-from@4.0.0, npm/resolve@1.20.0, npm/restore-cursor@3.1.0, npm/retry@0.13.1, npm/reusify@1.0.4, npm/rfdc@1.3.0, npm/rgb-regex@1.0.1, npm/rgba-regex@1.0.0, npm/rimraf@3.0.2, npm/ripemd160@2.0.2, npm/rollup-plugin-bundle-size@1.0.3, npm/rollup-plugin-postcss@4.0.2, npm/rollup-plugin-terser@7.0.2, npm/rollup-plugin-typescript2@0.29.0, npm/rollup-pluginutils@2.8.2, npm/rollup@2.62.0, npm/run-parallel@1.2.0, npm/rxjs@7.5.1, npm/sade@1.8.0, npm/safe-buffer@5.1.2, npm/safe-identifier@0.4.2, npm/safer-buffer@2.1.2, npm/sax@1.2.4, npm/scheduler@0.20.2, npm/scroll-into-view-if-needed@2.2.28, npm/semantic-release@17.4.7, npm/semver-compare@1.0.0, npm/semver-diff@3.1.1, npm/semver-regex@3.1.3, npm/semver@7.3.5, npm/serialize-javascript@4.0.0, npm/setimmediate@1.0.5, npm/setprototypeof@1.1.1, npm/sha.js@2.4.11, npm/shebang-command@2.0.0, npm/shebang-regex@3.0.0, npm/shell-quote@1.7.2, npm/side-channel@1.0.4, npm/signal-exit@3.0.6, npm/signale@1.4.0, npm/simple-swizzle@0.2.2, npm/slash@3.0.0, npm/slice-ansi@4.0.0, npm/smooth-scroll-into-view-if-needed@1.1.32, npm/sort-object-keys@1.1.3, npm/sort-order@1.0.1, npm/source-map-js@1.0.1, npm/source-map-support@0.5.21, npm/source-map@0.5.7, npm/sourcemap-codec@1.4.8, npm/spawn-error-forwarder@1.0.0, npm/spdx-correct@3.1.1, npm/spdx-exceptions@2.3.0, npm/spdx-expression-parse@3.0.1, npm/spdx-license-ids@3.0.11, npm/split2@3.2.2, npm/split@1.0.1, npm/sprintf-js@1.0.3, npm/stable@0.1.8, npm/stacktrace-parser@0.1.10, npm/statuses@1.5.0, npm/stream-browserify@3.0.0, npm/stream-combiner2@1.1.1, npm/stream-http@3.1.1, npm/stream-parser@0.3.1, npm/string-argv@0.3.1, npm/string-hash@1.1.3, npm/string-natural-compare@3.0.1, npm/string-width@4.2.3, npm/string.prototype.matchall@4.0.6, npm/string.prototype.trimend@1.0.4, npm/string.prototype.trimstart@1.0.4, npm/string_decoder@1.3.0, npm/stringify-object@3.3.0, npm/strip-ansi@6.0.1, npm/strip-bom@3.0.0, npm/strip-final-newline@2.0.0, npm/strip-indent@3.0.0, npm/strip-json-comments@3.1.1, npm/style-inject@0.3.0, npm/styled-jsx@3.3.2, npm/stylehacks@5.0.1, npm/stylis-rule-sheet@0.0.10, npm/stylis@3.5.4, npm/supports-color@5.5.0, npm/supports-hyperlinks@2.2.0, npm/svgo@1.3.2, npm/tabbable@5.2.1, npm/table@6.7.5, npm/tailwindcss@2.2.19, npm/temp-dir@2.0.0, npm/tempy@1.0.1, npm/terser@5.10.0, npm/text-extensions@1.9.0, npm/text-table@0.2.0, npm/thenby@1.3.4, npm/through2@4.0.2, npm/through@2.3.8, npm/timers-browserify@2.0.12, npm/timsort@0.3.0, npm/tiny-glob@0.2.9, npm/tmp@0.2.1, npm/to-arraybuffer@1.0.1, npm/to-fast-properties@2.0.0, npm/to-regex-range@5.0.1, npm/toidentifier@1.0.0, npm/tr46@1.0.1, npm/traverse@0.6.6, npm/trim-newlines@3.0.1, npm/ts-pnp@1.2.0, npm/tsconfig-paths@3.12.0, npm/tslib@2.3.1, npm/tsutils@3.21.0, npm/tty-browserify@0.0.1, npm/type-check@0.4.0, npm/type-fest@0.20.2, npm/typescript@4.5.4, npm/uglify-js@3.14.5, npm/unbox-primitive@1.0.1, npm/unicode-canonical-property-names-ecmascript@2.0.0, npm/unicode-match-property-ecmascript@2.0.0, npm/unicode-match-property-value-ecmascript@2.0.0, npm/unicode-property-aliases-ecmascript@2.0.0, npm/uniq@1.0.1, npm/unique-string@2.0.0, npm/universal-user-agent@6.0.0, npm/universalify@2.0.0, npm/unpipe@1.0.0, npm/unquote@1.1.1, npm/uri-js@4.4.1, npm/url-join@4.0.1, npm/url@0.11.0, npm/use-isomorphic-layout-effect@1.1.1, npm/use-subscription@1.5.1, npm/util-deprecate@1.0.2, npm/util.promisify@1.0.1, npm/util@0.12.3, npm/v8-compile-cache@2.3.0, npm/validate-npm-package-license@3.0.4, npm/vm-browserify@1.1.2, npm/warning@4.0.3, npm/watchpack@2.1.1, npm/webidl-conversions@4.0.2, npm/whatwg-url@7.1.0, npm/which-boxed-primitive@1.0.2, npm/which-typed-array@1.1.7, npm/which@2.0.2, npm/word-wrap@1.2.3, npm/wordwrap@1.0.0, npm/wrap-ansi@7.0.0, npm/wrappy@1.0.2, npm/xstate@4.27.0, npm/xtend@4.0.2, npm/y18n@5.0.8, npm/yallist@4.0.0, npm/yaml@1.10.2, npm/yargs-parser@20.2.9, npm/yargs@16.2.0, npm/yocto-queue@0.1.0

View full report↗︎

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
react-spring-bottom-sheet	❌ Failed (Inspect)			Nov 14, 2024 10:33pm

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	CI
Critical CVE	npm/json-schema@0.2.3	CVE: GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution (CRITICAL) Affected versions: < 0.4.0 Patched version: 0.4.0	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/json-schema@0.2.3