chore: Bump the other group across 1 directory with 9 updates

[dependabot]

Bumps the other group with 9 updates in the / directory:

Package	From	To
@anywidget/react	0.2.1	0.2.2
uuid	13.0.0	14.0.0
@anywidget/types	0.2.0	0.4.0
@biomejs/biome	2.3.10	2.4.13
@statelyai/inspect	0.4.0	0.7.1
esbuild	0.27.7	0.28.0
postcss-preset-env	10.6.1	11.2.1
tailwindcss	3.4.19	4.2.4
typescript	5.9.3	6.0.3

Updates @anywidget/react from 0.2.1 to 0.2.2

Release notes

Sourced from @​anywidget/react's releases.

@​anywidget/react@​0.2.2

Patch Changes

• Updated dependencies [f227c83, f227c83, f227c83]:
  • @​anywidget/types@​0.4.0

Commits

• 5789879 Version Packages (#986)
• 4d15a1f Draft v0.11 release blog post (#991)
• bd746a4 chore(deps): bump esbuild from 0.21.5 to 0.28.0 in the prod-dependencies grou...
• c575c88 chore(deps-dev): bump @​typescript/native-preview from 7.0.0-dev.20260410.1 to...
• aec303e chore(deps): bump @​types/node from 12.20.55 to 25.6.0 (#981)
• 77c5b81 chore(deps): bump react-dom and @​types/react-dom (#982)
• cb1f469 chore(deps-dev): bump the dev-dependencies group across 1 directory with 3 up...
• b76b9c6 Fix orphaned ready promise on widget rebind (#988)
• 0399b9a Fix HMR race when _esm changes during widget load (#987)
• bad65ae Rename snake_case identifiers to camelCase (#977)
• Additional commits viewable in compare view

Updates uuid from 13.0.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

Commits

• 7c1ea08 chore(main): release 14.0.0 (#926)
• 3d2c5b0 Merge commit from fork
• f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
• 529ef08 chore: upgrade TypeScript and fixup types (#927)
• 086fd79 chore: update dependencies (#933)
• dc4ddb8 feat!: drop node@18 support (#934)
• 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
• e2879e6 chore: use maintained version of npm-run-all (#930)
• ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
• 0423d49 docs: remove obsolete v1 option notes (#915)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Updates @anywidget/types from 0.2.0 to 0.4.0

Release notes

Sourced from @​anywidget/types's releases.

@​anywidget/types@​0.4.0

Minor Changes

• Allow initialize to return an exports object (#974)

  initialize can now return a plain object to expose a programmatic API for the widget. This API is accessible to parent widgets via host.getWidget().

  export default {
    initialize({ model }) {
      return {
        getValue: () => model.get("value"),
        setValue: (v) => {
          model.set("value", v);
          model.save_changes();
        },
      };
    },
    render({ model, el }) {
      /* ... */
    },
  };

  The return type is distinguished by typeof: functions are treated as cleanup callbacks (existing behavior), objects are treated as exports, and void means neither.

• Add signal (AbortSignal) to initialize and render props for lifecycle cleanup (#974)

  Both initialize and render now receive an AbortSignal via the signal prop. The signal is aborted when the widget is destroyed (or during HMR). This is the preferred way to manage cleanup going forward — it composes with the broader web platform (addEventListener, fetch, child widgets) and avoids the need to manually track teardown logic.

  The previous callback-based pattern continues to work but is no longer recommended:

  // before
  export default {
    render({ model, el }) {
      let handler = () => { /* ... */ };
      model.on("change:value", handler);
      return () => model.off("change:value", handler);
    },
  };
  // after
  export default {
  render({ model, el, signal }) {
  let handler = () => { /* ... */ };
  model.on("change:value", handler);
  signal.addEventListener("abort", () => model.off("change:value", handler));
  },
  };

... (truncated)

Commits

• 5789879 Version Packages (#986)
• 4d15a1f Draft v0.11 release blog post (#991)
• bd746a4 chore(deps): bump esbuild from 0.21.5 to 0.28.0 in the prod-dependencies grou...
• c575c88 chore(deps-dev): bump @​typescript/native-preview from 7.0.0-dev.20260410.1 to...
• aec303e chore(deps): bump @​types/node from 12.20.55 to 25.6.0 (#981)
• 77c5b81 chore(deps): bump react-dom and @​types/react-dom (#982)
• cb1f469 chore(deps-dev): bump the dev-dependencies group across 1 directory with 3 up...
• b76b9c6 Fix orphaned ready promise on widget rebind (#988)
• 0399b9a Fix HMR race when _esm changes during widget load (#987)
• bad65ae Rename snake_case identifiers to camelCase (#977)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​anywidget/types since your current version.

Updates @biomejs/biome from 2.3.10 to 2.4.13

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.13

2.4.13

Patch Changes

• #9969 c5eb92b Thanks @​officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

  For example, the following code triggers the rule:

  const a = `${"hello"}`; // can be 'hello'
  const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
  const c = `${"a"}${"b"}`; // can be 'ab'

• #10037 f785e8c Thanks @​minseong0324! - Fixed #9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.

  class Store {
    get status(): string {
      if (Math.random() > 0.5) return "loading";
      return "idle";
    }
    set status(v: string) {}
  }

• #10084 5e2f90c Thanks @​jiwon79! - Fixed #10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

  The following pattern is now considered valid:

  /[a-z\&]/v;

• #10063 c9ffa16 Thanks @​Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #10035 946b50e Thanks @​Netail! - Fixed #10032: useIframeSandbox now flags if there's no initializer value.

• #9865 68fb8d4 Thanks @​dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

  For example, the following snippet triggers the rule:

  const foo = node.innerText;

• #10023 bd1e74f Thanks @​ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.13

Patch Changes

• #9969 c5eb92b Thanks @​officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

  For example, the following code triggers the rule:

  const a = `${"hello"}`; // can be 'hello'
  const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
  const c = `${"a"}${"b"}`; // can be 'ab'

• #10037 f785e8c Thanks @​minseong0324! - Fixed #9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.

  class Store {
    get status(): string {
      if (Math.random() > 0.5) return "loading";
      return "idle";
    }
    set status(v: string) {}
  }

• #10084 5e2f90c Thanks @​jiwon79! - Fixed #10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

  The following pattern is now considered valid:

  /[a-z\&]/v;

• #10063 c9ffa16 Thanks @​Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #10035 946b50e Thanks @​Netail! - Fixed #10032: useIframeSandbox now flags if there's no initializer value.

• #9865 68fb8d4 Thanks @​dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

  For example, the following snippet triggers the rule:

  const foo = node.innerText;

• #10023 bd1e74f Thanks @​ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

  For example, the following code triggers the rule:

... (truncated)

Commits

• e316150 ci: release (#9991)
• 11ddc05 feat(lint): add useReactNativePlatformComponents rule and options (#10033)
• 1603f78 feat(js_analyze): implement noJsxLeakedDollar (#9911)
• c5eb92b feat(linter): add nursery rule noUnnecessaryTemplateExpression (#9969)
• 5cc83b1 feat(lint/js): add noLoopFunc (#9815)
• bd1e74f feat(lint): add react native deep import rule (#10023)
• 68fb8d4 feat(lint/js): add useDomNodeTextContent (#9865)
• 94ccca9 feat(lint): add noReactNativeLiteralColors (#10012)
• 3dce737 feat(lint/js): add useDomQuerySelector (#9885)
• 131019e feat(lint): add noReactNativeRawText (#10005)
• Additional commits viewable in compare view

Updates @statelyai/inspect from 0.4.0 to 0.7.1

Release notes

Sourced from @​statelyai/inspect's releases.

v0.7.1

Patch Changes

• e79da70 Thanks @​davidkpiano! - Fix remove-node-module-import

v0.7.0

Minor Changes

• bcb4666 Thanks @​davidkpiano! - ### Breaking changes

  • ESM-only: the package is now "type": "module" and ships .mjs / .d.mts. Use import / import() instead of require() for @statelyai/inspect and @statelyai/inspect/server.

  Features

  • Add createInspectorServer() for Node.js inspection via WebSocket; import from @statelyai/inspect/server. The server relays inspection events to the Stately inspector UI in the browser (with buffering and replay for late connections).

  Fixes

  • createWebSocketInspector() now starts the WebSocket connection reliably.
  • stop() no longer throws if called before start().
  • Remove noisy console.log calls from the WebSocket adapter and receiver.

  Chores

  • Build with tsdown (Rolldown) instead of tsup; align tooling with @statelyai/graph (pnpm 10, Node 24 in CI, frozen lockfile, pnpm verify, publint).
  • Release workflow uses npm trusted publishing (OIDC); drop long-lived NPM_TOKEN from Actions.

Changelog

Sourced from @​statelyai/inspect's changelog.

0.7.1

Patch Changes

• e79da70 Thanks @​davidkpiano! - Fix remove-node-module-import

0.7.0

Minor Changes

• bcb4666 Thanks @​davidkpiano! - ### Breaking changes

  • ESM-only: the package is now "type": "module" and ships .mjs / .d.mts. Use import / import() instead of require() for @statelyai/inspect and @statelyai/inspect/server.

  Features

  • Add createInspectorServer() for Node.js inspection via WebSocket; import from @statelyai/inspect/server. The server relays inspection events to the Stately inspector UI in the browser (with buffering and replay for late connections).

  Fixes

  • createWebSocketInspector() now starts the WebSocket connection reliably.
  • stop() no longer throws if called before start().
  • Remove noisy console.log calls from the WebSocket adapter and receiver.

  Chores

  • Build with tsdown (Rolldown) instead of tsup; align tooling with @statelyai/graph (pnpm 10, Node 24 in CI, frozen lockfile, pnpm verify, publint).
  • Release workflow uses npm trusted publishing (OIDC); drop long-lived NPM_TOKEN from Actions.

0.7.0

Minor Changes

• #50 5c9a711 Thanks @​davidkpiano! - Add createInspectorServer() for inspecting Node.js apps via WebSocket. Import from @statelyai/inspect/server. The server relays inspection events to the Stately inspector UI in the browser.

  • Add createInspectorServer() with event buffering and replay
  • Fix createWebSocketInspector() not auto-starting the WebSocket connection
  • Fix stop() crash when called before start()
  • Remove noisy console.log calls from WebSocket adapter and receiver

0.6.0

Minor Changes

• #48 e1e45ed Thanks @​davidkpiano! - Fixed DOM serialization issues that could cause the inspector to freeze when HTML elements or deeply nested structures were included in state context. Added serializationDepthLimit option (default: 10) to prevent infinite recursion during serialization. HTMLElement instances are now safely converted to their outerHTML string representation.

0.5.2

Patch Changes

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​statelyai/inspect since your current version.

Updates esbuild from 0.27.7 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Changelog

Sourced from esbuild's changelog.

0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• See full diff in compare view

Updates postcss-preset-env from 10.6.1 to 11.2.1

Changelog

Sourced from postcss-preset-env's changelog.

11.2.1

April 12, 2026

• Updated @csstools/css-color-parser to 4.1.0 (minor)
• Updated @csstools/css-calc to 3.2.0 (minor)

11.2.0

February 21, 2026

• Added @csstools/postcss-font-width-property Check the plugin README for usage details.
• Updated cssdb to 8.8.0

11.1.3

February 6, 2026

• Updated @csstools/postcss-text-decoration-shorthand to 5.0.2 (patch)

11.1.2

January 25, 2026

• Updated @csstools/postcss-normalize-display-values to 5.0.1 (patch)
• Updated @csstools/color-helpers to 6.0.1 (patch)

11.1.1

January 15, 2026

• Updated @csstools/postcss-alpha-function to 2.0.1 (patch)

11.1.0

January 14, 2026

• Added @csstools/postcss-mixins Check the plugin README for usage details.
• Updated cssdb to 8.7.0

11.0.1

January 14, 2026

• Updated css-blank-pseudo to 8.0.1 (patch)

11.0.0

January 14, 2026

... (truncated)

Commits

• See full diff in compare view

Updates tailwindcss from 3.4.19 to 4.2.4

Release notes

Sourced from tailwindcss's releases.

v4.2.4

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)
• Add .env and .env.* to default ignored content files (#19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)
• Improve performance when scanning JSONL / NDJSON files (#19862)
• Support NODE_PATH environment variable in standalone CLI (#19617)

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.2.4] - 2026-04-21

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

• Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)
• Add .env and .env.* to default ignored content files (#19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)
• Improve performance when scanning JSONL / NDJSON files (#19862)
• Support NODE_PATH environment variable in standalone CLI (#19617)

[4.2.2] - 2026-03-18

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Add support for Vite 8 in @tailwindcss/vite (#19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)
• Resolve tsconfig paths to allow for @import '@/path/to/file'; when using @tailwindcss/vite (#19803)

[4.2.1] - 2026-02-23

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)

... (truncated)

Commits

• 69ad7cc 4.2.4 (#19948)
• 2e3fa49 4.2.3 (#19944)
• df6209a Canonicalize negative arbitrary values (#19858)
• 52fd421 Small refactor of canonicalization tests (#19851)
• c385fd3 use test.each instead of manual loop
• 0d6e038 fix index in test name
• 88a2d22 Add more canonicalization rules for deprecated utilities (#19849)
• 2c1ef9e Use --placeholder-color instead of --background-color for placeholder-*...
• 28d5268 Collapse more utilities by expanding their declarations (#19842)
• b55d960 fix(canonicalize): collapse arbitrary values into shorthand utilities (#19837)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tailwindcss since your current version.

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, che...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.