chore: bump the major group across 1 directory with 2 updates by dependabot[bot] · Pull Request #570 · Aureliolo/synthorg

dependabot · 2026-03-19T06:10:46Z

Bumps the major group with 2 updates in the /web directory: @tailwindcss/vite and tailwindcss.

Updates @tailwindcss/vite from 0.0.0-insiders.a4be983 to 4.2.2

Release notes

Sourced from @tailwindcss/vite's releases.

v4.2.2

Added

Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

Don't crash when candidates contain prototype properties like row-constructor (#19725)

Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)

Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)

Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)

Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)

Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

v4.2.1

Fixed

Allow trailing dash in functional utility names for backwards compatibility (#19696)

Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)

Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)

Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)

Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)

Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)

Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)

Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)

Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)

Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)

Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)

Add font-features-* utility for font-feature-settings (#19623)

Fixed

Prevent double @supports wrapper for color-mix values (#19450)

Allow whitespace around @source inline() argument (#19461)

Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)

Detect utilities containing capital letters followed by numbers (#19465)

Fix class extraction for Rails' strict locals (#19525)

Align @utility name validation with Oxide scanner rules (#19524)

Fix infinite loop when using @variant inside @custom-variant (#19633)

Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)

Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)

Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)

Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)

Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)

Fix incorrect canonicalization results when canonicalizing multiple times (#19675)

... (truncated)

Changelog

Sourced from @tailwindcss/vite's changelog.

[4.2.2] - 2026-03-18

Fixed

Don't crash when candidates contain prototype properties like row-constructor (#19725)

Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)

Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)

Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)

Add support for Vite 8 in @tailwindcss/vite (#19790)

Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)

Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

[4.2.1] - 2026-02-23

Fixed

Allow trailing dash in functional utility names for backwards compatibility (#19696)

Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)

Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)

Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)

Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)

Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)

Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)

Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)

Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)

Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)

Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)

Add font-features-* utility for font-feature-settings (#19623)

Fixed

Prevent double @supports wrapper for color-mix values (#19450)

Allow whitespace around @source inline() argument (#19461)

Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)

Detect utilities containing capital letters followed by numbers (#19465)

Fix class extraction for Rails' strict locals (#19525)

Align @utility name validation with Oxide scanner rules (#19524)

Fix infinite loop when using @variant inside @custom-variant (#19633)

Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)

Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)

Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)

Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)

Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)

Fix incorrect canonicalization results when canonicalizing multiple times (#19675)

... (truncated)

Commits

See full diff in compare view

Updates tailwindcss from 0.0.0-insiders.a4be983 to 4.2.2

Release notes

Sourced from tailwindcss's releases.

v4.2.2

Added

Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

Don't crash when candidates contain prototype properties like row-constructor (#19725)

Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)

Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)

Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)

Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)

Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

v4.2.1

Fixed

Allow trailing dash in functional utility names for backwards compatibility (#19696)

Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)

Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)

Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)

Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)

Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)

Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)

Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)

Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)

Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)

Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)

Add font-features-* utility for font-feature-settings (#19623)

Fixed

Prevent double @supports wrapper for color-mix values (#19450)

Allow whitespace around @source inline() argument (#19461)

Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)

Detect utilities containing capital letters followed by numbers (#19465)

Fix class extraction for Rails' strict locals (#19525)

Align @utility name validation with Oxide scanner rules (#19524)

Fix infinite loop when using @variant inside @custom-variant (#19633)

Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)

Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)

Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)

Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)

Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)

Fix incorrect canonicalization results when canonicalizing multiple times (#19675)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.2.2] - 2026-03-18

Fixed

Don't crash when candidates contain prototype properties like row-constructor (#19725)

Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)

Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)

Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)

Add support for Vite 8 in @tailwindcss/vite (#19790)

Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)

Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

[4.2.1] - 2026-02-23

Fixed

Allow trailing dash in functional utility names for backwards compatibility (#19696)

Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)

Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)

Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)

Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)

Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)

Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)

Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)

Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)

Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)

Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)

Add font-features-* utility for font-feature-settings (#19623)

Fixed

Prevent double @supports wrapper for color-mix values (#19450)

Allow whitespace around @source inline() argument (#19461)

Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)

Detect utilities containing capital letters followed by numbers (#19465)

Fix class extraction for Rails' strict locals (#19525)

Align @utility name validation with Oxide scanner rules (#19524)

Fix infinite loop when using @variant inside @custom-variant (#19633)

Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)

Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)

Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)

Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)

Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)

Fix incorrect canonicalization results when canonicalizing multiple times (#19675)

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the major group with 2 updates in the /web directory: [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) and [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss). Updates `@tailwindcss/vite` from 0.0.0-insiders.a4be983 to 4.2.2 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.2/packages/@tailwindcss-vite) Updates `tailwindcss` from 0.0.0-insiders.a4be983 to 4.2.2 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.2/packages/tailwindcss) --- updated-dependencies: - dependency-name: "@tailwindcss/vite" dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major - dependency-name: tailwindcss dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: major ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-19T06:11:10Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@tailwindcss/node

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-android-arm64

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-darwin-arm64

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-darwin-x64

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-freebsd-x64

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-linux-arm-gnueabihf

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-linux-arm64-gnu

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-linux-arm64-musl

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-linux-x64-gnu

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-linux-x64-musl

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-wasm32-wasi

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-win32-arm64-msvc

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/oxide-win32-x64-msvc

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@tailwindcss/vite

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/enhanced-resolve

5.20.1

🟢 6.7

Details

Check	Score	Reason
Code-Review	🟢 4	Found 12/26 approved changesets -- score normalized to 4
Maintained	🟢 10	12 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/tailwindcss

4.2.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

web/package-lock.json

socket-security · 2026-03-19T06:11:21Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality
npm/tailwindcss@0.0.0-insiders.a4be983 ⏵ 4.2.2	⁺¹	⁺¹
npm/@tailwindcss/vite@0.0.0-insiders.a4be983 ⏵ 4.2.2		⁺¹
npm/wrangler@4.75.0

View full report

Aureliolo

Changelog reviewed. Tailwind 4.2.2 stable now supports Vite 8 -- this completes the insiders-to-stable migration (closes #390). CI Pass green. Docker Build Web failure is pre-existing (CVE-2026-32767 in libexpat, nginx base image -- unrelated to this PR).

Recommended before merge: Change version pins in web/package.json from exact 4.2.2 to ^4 semver ranges (matching site/ convention) to avoid future major-group PRs for every patch.

🤖 I have created a release *beep* *boop* --- ## [0.3.6](v0.3.5...v0.3.6) (2026-03-19) ### Features * **cli:** add backup subcommands (backup, backup list, backup restore) ([#568](#568)) ([4c06b1d](4c06b1d)) * **engine:** implement execution loop auto-selection based on task complexity ([#567](#567)) ([5bfc2c6](5bfc2c6)) ### Bug Fixes * activate structured logging pipeline -- wire 8-sink system, integrate Uvicorn, suppress spam ([#572](#572)) ([9b6bf33](9b6bf33)) * **cli:** bump grpc-go v1.79.3 -- CVE-2026-33186 auth bypass ([#574](#574)) ([f0171c9](f0171c9)) * resolve OpenAPI schema validation warnings for union/optional fields ([#558](#558)) ([5d96b2b](5d96b2b)) ### CI/CD * bump codecov/codecov-action from 5.5.2 to 5.5.3 in the minor-and-patch group ([#571](#571)) ([267f685](267f685)) * ignore chainguard/python in Dependabot docker updates ([#575](#575)) ([1935eaa](1935eaa)) ### Maintenance * bump the major group across 1 directory with 2 updates ([#570](#570)) ([b98f82c](b98f82c)) * bump the minor-and-patch group across 2 directories with 4 updates ([#569](#569)) ([3295168](3295168)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

dependabot bot added the type:chore Maintenance, cleanup, dependency updates label Mar 19, 2026

dependabot bot requested a review from Aureliolo as a code owner March 19, 2026 06:10

dependabot bot added the type:chore Maintenance, cleanup, dependency updates label Mar 19, 2026

Merge branch 'main' into dependabot/npm_and_yarn/web/major-97bcedbae3

870f7de

Aureliolo approved these changes Mar 19, 2026

View reviewed changes

Aureliolo mentioned this pull request Mar 19, 2026

chore: bump the minor-and-patch group across 2 directories with 4 updates #569

Merged

Aureliolo merged commit b98f82c into main Mar 19, 2026
26 of 27 checks passed

Aureliolo deleted the dependabot/npm_and_yarn/web/major-97bcedbae3 branch March 19, 2026 07:23

This was referenced Mar 19, 2026

chore(main): release 0.3.6 #573

Merged

chore: revert Tailwind CSS from insiders to stable once Vite 8 support ships #390

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the major group across 1 directory with 2 updates#570

chore: bump the major group across 1 directory with 2 updates#570
Aureliolo merged 2 commits intomainfrom
dependabot/npm_and_yarn/web/major-97bcedbae3

dependabot bot commented on behalf of github Mar 19, 2026

Uh oh!

github-actions bot commented Mar 19, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Mar 19, 2026 •

edited

Loading

Uh oh!

Aureliolo left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 19, 2026

v4.2.2

Added

Fixed

v4.2.1

Fixed

v4.2.0

Added

Fixed

[4.2.2] - 2026-03-18

Fixed

[4.2.1] - 2026-02-23

Fixed

[4.2.0] - 2026-02-18

Added

Fixed

v4.2.2

Added

Fixed

v4.2.1

Fixed

v4.2.0

Added

Fixed

[4.2.2] - 2026-03-18

Fixed

[4.2.1] - 2026-02-23

Fixed

[4.2.0] - 2026-02-18

Added

Fixed

Uh oh!

github-actions bot commented Mar 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

socket-security bot commented Mar 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Aureliolo left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

github-actions bot commented Mar 19, 2026 •

edited

Loading

socket-security bot commented Mar 19, 2026 •

edited

Loading