deps: bump the production-deps group across 1 directory with 21 updates

[dependabot]

Bumps the production-deps group with 21 updates in the / directory:

Package	From	To
@tauri-apps/api	2.10.1	2.11.0
@tauri-apps/plugin-deep-link	2.4.8	2.4.9
@tauri-apps/plugin-dialog	2.7.0	2.7.1
@tauri-apps/plugin-fs	2.5.0	2.5.1
@tauri-apps/plugin-opener	2.5.3	2.5.4
bits-ui	2.18.0	2.18.1
dompurify	3.4.2	3.4.3
svelte	5.55.1	5.55.5
tailwind-merge	3.5.0	3.6.0
@playwright/test	1.59.1	1.60.0
@tailwindcss/postcss	4.2.4	4.3.0
@tauri-apps/cli	2.10.1	2.11.1
@typescript-eslint/eslint-plugin	8.59.1	8.59.3
@typescript-eslint/parser	8.59.1	8.59.3
postcss	8.5.13	8.5.14
prettier-plugin-svelte	3.5.1	3.5.2
svelte-check	4.4.7	4.4.8
svelte-eslint-parser	1.6.0	1.6.1
tailwindcss	4.2.4	4.3.0
typescript-eslint	8.59.1	8.59.3
workbox-cli	7.4.0	7.4.1

Updates @tauri-apps/api from 2.10.1 to 2.11.0

Release notes

Sourced from @​tauri-apps/api's releases.

@​tauri-apps/api v2.11.0

No known vulnerabilities found

[2.11.0]

New Features

• 074299c08 (#14307) Add Bring All to Front predefined menu item type
• a12142a48 (#14357) Add macos support for setting the icon and icon template state in the same step of the main thread, to prevent flickering.
• 001c8fe3d (#14722) Add a WebView option to control browser-level general autofill behavior. This option does not disable password or credit card autofill. On Windows (WebView2), setting it to true disables the general autofill "Suggestions" UI, which may appear even when autocomplete="off" is specified on input elements. On Linux, macOS, iOS, and Android, this option is currently unsupported and performs no operation.
• eb0312ea9 (#15199) Propagates the Event::Suspended and Event::Resumed events from tao when they are emitted on mobile targets.

> @tauri-apps/api@2.11.0 npm-publish /home/runner/work/tauri/tauri/packages/api
> pnpm build && cd ./dist && pnpm publish --access public --loglevel silly --no-git-checks
> @​tauri-apps/api@​2.11.0 build /home/runner/work/tauri/tauri/packages/api
> rollup -c --configPlugin typescript
�[36m
�[1m./src/app.ts, ./src/core.ts, ./src/dpi.ts, ./src/event.ts, ./src/image.ts, ./src/index.ts, ./src/menu.ts, ./src/mocks.ts, ./src/path.ts, ./src/tray.ts, ./src/webview.ts, ./src/webviewWindow.ts, ./src/window.ts�[22m → �[1m./dist, ./dist�[22m...�[39m
�[32mcreated �[1m./dist, ./dist�[22m in �[1m1s�[22m�[39m
�[36m
�[1msrc/index.ts�[22m → �[1m../../crates/tauri/scripts/bundle.global.js�[22m...�[39m
�[32mcreated �[1m../../crates/tauri/scripts/bundle.global.js�[22m in �[1m1.6s�[22m�[39m
npm verbose cli /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/npm
npm info using npm@11.11.0
npm info using node@v24.14.1
npm silly config load:file:/opt/hostedtoolcache/node/24.14.1/x64/lib/node_modules/npm/npmrc
npm silly config load:file:/tmp/62753b73fd2498862aee9b07ed29cc21/.npmrc
npm silly config load:file:/home/runner/.npmrc
npm silly config load:file:/home/runner/.config/pnpm/rc
npm verbose title npm publish tauri-apps-api-2.11.0.tgz
npm verbose argv "publish" "--ignore-scripts" "tauri-apps-api-2.11.0.tgz" "--access" "public" "--loglevel" "silly"
npm verbose logfile logs-max:10 dir:/home/runner/.npm/_logs/2026-04-30T15_51_13_171Z-
npm verbose logfile /home/runner/.npm/_logs/2026-04-30T15_51_13_171Z-debug-0.log
npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "npm-globalconfig". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm. See npm help npmrc for supported config options.
</tr></table>

... (truncated)

Commits

• e60834f Apply Version Updates From Current Changes (#15041)
• df05c00 chore: minor bump for codegen crate
• 13bea17 chore: fmt
• 9808236 fix(macOS): correct value for work_area.position.y (#14655)
• eb0312e feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...
• 4ef5797 feat(ios): add --no-sign and --archive-only flags to ios build (#15061)
• 110336c fix(macOS): fix incorrect window position on multi-monitor setups (#15250)
• c00a3db feat(macros): add support for rename command macro in tauri-macros #14173 (#1...
• 764b913 feat(cli): restart Android emulator if it is disconnected from adb (#14313)
• 1035f12 fix(windows): tauri-bundler detect arm system (#14923)
• Additional commits viewable in compare view

Updates @tauri-apps/plugin-deep-link from 2.4.8 to 2.4.9

Release notes

Sourced from @​tauri-apps/plugin-deep-link's releases.

deep-link-js v2.4.9

[2.4.9]

• e6cdc9f5 (#3396 by @​Legend-Master) Fix broken iOS custom URL schemes

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-deep-link@2.4.9
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 6.2kB README.md
npm notice 3.5kB dist-js/index.cjs
npm notice 2.9kB dist-js/index.d.ts
npm notice 3.4kB dist-js/index.js
npm notice 801B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-deep-link
npm notice version: 2.4.9
npm notice filename: tauri-apps-plugin-deep-link-2.4.9.tgz
npm notice package size: 4.4 kB
npm notice unpacked size: 17.7 kB
npm notice shasum: ae56d59130380f806b533b3107c3f16654e66a8d
npm notice integrity: sha512-u0SKOUHnJ1wqe[...]hIvqLBRpgHJlA==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011657
+ @tauri-apps/plugin-deep-link@2.4.9

deep-link v2.4.9

[2.4.9]

• e6cdc9f5 (#3396 by @​Legend-Master) Fix broken iOS custom URL schemes

</tr></table> 

... (truncated)

Commits

• 5c7668b publish new versions (#3397)
• ec05401 chore(deps): update rust crate toml to v1 (#3323)
• b86e999 chore(deps): update tauri packages to 2.11 (#3407)
• c463d8a chore(deps): update rustls-webpki in lockfile, ignore core2 in audit (#3405)
• 1bb7beb chore(deps): bump openssl (#3402)
• 3412fa2 docs(readme): fix platform support matrix (opener supports mobile)
• af81fda docs(readme): fix platform support matrix (mobile is supported)
• c1fd33b fix(opener): allow open network share locations (#3343)
• 250857b chore(deps): update dependency typescript to v6 (#3363)
• 964e13f fix(store): dead lock trying to set while exiting (#3395)
• Additional commits viewable in compare view

Updates @tauri-apps/plugin-dialog from 2.7.0 to 2.7.1

Release notes

Sourced from @​tauri-apps/plugin-dialog's releases.

dialog-js v2.7.1

[2.7.1]

Dependencies

• Upgraded to fs-js@2.5.1

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-dialog@2.7.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.5kB README.md
npm notice 6.9kB dist-js/index.cjs
npm notice 14.6kB dist-js/index.d.ts
npm notice 6.8kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 657B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-dialog
npm notice version: 2.7.1
npm notice filename: tauri-apps-plugin-dialog-2.7.1.tgz
npm notice package size: 6.7 kB
npm notice unpacked size: 33.3 kB
npm notice shasum: fc83387de807c8d064d2b64b1b813b84e8286a12
npm notice integrity: sha512-OK1UBXYt+ojcm[...]FmEOjIY9IhzOQ==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011725
+ @tauri-apps/plugin-dialog@2.7.1

dialog v2.7.1

[2.7.1]

Dependencies

• Upgraded to fs-js@2.5.1

... (truncated)

Commits

• e7a68fa publish new versions (#3068)
• b5550a3 chore: temp delete updater changefile
• 93426f8 fix: fix docsrs builds
• 4ee61e0 Revert "chore: temp delete updater changefile"
• 06124af publish new versions (#2972)
• 060219e chore(deps): update dependency @​rollup/plugin-typescript to v12.3.0 (#3067)
• c7e9766 chore(deps): update tauri monorepo (v2) (#3058)
• d4a8ce9 chore(deps): update rust crate tokio-tungstenite to 0.28 (#3016)
• cdc7eec chore(deps): update dependency @​rollup/plugin-typescript to v12.2.0 (#3066)
• 6314b00 chore: temp delete updater changefile
• Additional commits viewable in compare view

Updates @tauri-apps/plugin-fs from 2.5.0 to 2.5.1

Release notes

Sourced from @​tauri-apps/plugin-fs's releases.

fs-js v2.5.1

[2.5.1]

• ec054013 (#3323 by @​renovate) Updated dependency toml from 0.9 to 1

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-fs@2.5.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 2.4kB README.md
npm notice 32.8kB dist-js/index.cjs
npm notice 32.6kB dist-js/index.d.ts
npm notice 32.0kB dist-js/index.js
npm notice 697B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-fs
npm notice version: 2.5.1
npm notice filename: tauri-apps-plugin-fs-2.5.1.tgz
npm notice package size: 21.5 kB
npm notice unpacked size: 101.5 kB
npm notice shasum: e1b8643d41c74251699fcdecc800877d18a4a6fc
npm notice integrity: sha512-9Lz+Jopp6QyeE[...]tqPB/XEMS3NhQ==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011689
+ @tauri-apps/plugin-fs@2.5.1

fs v2.5.1

[2.5.1]

• ec054013 (#3323 by @​renovate) Updated dependency toml from 0.9 to 1

</tr></table> 

... (truncated)

Commits

• 5c7668b publish new versions (#3397)
• ec05401 chore(deps): update rust crate toml to v1 (#3323)
• b86e999 chore(deps): update tauri packages to 2.11 (#3407)
• c463d8a chore(deps): update rustls-webpki in lockfile, ignore core2 in audit (#3405)
• 1bb7beb chore(deps): bump openssl (#3402)
• 3412fa2 docs(readme): fix platform support matrix (opener supports mobile)
• af81fda docs(readme): fix platform support matrix (mobile is supported)
• c1fd33b fix(opener): allow open network share locations (#3343)
• 250857b chore(deps): update dependency typescript to v6 (#3363)
• 964e13f fix(store): dead lock trying to set while exiting (#3395)
• Additional commits viewable in compare view

Updates @tauri-apps/plugin-opener from 2.5.3 to 2.5.4

Release notes

Sourced from @​tauri-apps/plugin-opener's releases.

opener-js v2.5.4

[2.5.4]

• c1fd33b3 (#3343 by @​Legend-Master) Fix revealItemInDir/reveal_items_in_dir can't reveal network paths like \\wsl.localhost\Ubuntu\etc on Windows

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-opener@2.5.4
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 4.2kB README.md
npm notice 3.1kB dist-js/index.cjs
npm notice 2.0kB dist-js/index.d.ts
npm notice 3.1kB dist-js/index.js
npm notice 11B dist-js/init.d.ts
npm notice 730B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-opener
npm notice version: 2.5.4
npm notice filename: tauri-apps-plugin-opener-2.5.4.tgz
npm notice package size: 3.5 kB
npm notice unpacked size: 14.1 kB
npm notice shasum: b37883e4d36125b8c5a0c74f683395958a65bd7d
npm notice integrity: sha512-1HnPkb+AmgO29[...]aUJtT57lfO9CQ==
npm notice total files: 7
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011743
+ @tauri-apps/plugin-opener@2.5.4

opener v2.5.4

[2.5.4]

• c1fd33b3 (#3343 by @​Legend-Master) Fix revealItemInDir/reveal_items_in_dir can't reveal network paths like \\wsl.localhost\Ubuntu\etc on Windows

... (truncated)

Commits

• e7a68fa publish new versions (#3068)
• b5550a3 chore: temp delete updater changefile
• 93426f8 fix: fix docsrs builds
• 4ee61e0 Revert "chore: temp delete updater changefile"
• See full diff in compare view

Updates bits-ui from 2.18.0 to 2.18.1

Release notes

Sourced from bits-ui's releases.

bits-ui@2.18.1

Patch Changes

• fix(text-selection-layer): snapshot enabled and pointer handlers for listeners (#2041)

• fix(Tooltip): set wrapper pointer-events when hoverable content is disabled (#2041)

• fix(Menu): prevent page scroll-jump on item hover when scroll-padding is set (#2035)

Commits

• 25f8137 Version Packages (#2042)
• 158364e fix(menu): use preventScroll when focusing items on hover and content on item...
• 5a3f7ce fix(Tooltip): pointer event handling (#2041)
• 788fc03 chore: update workflows to Node 24 and latest action versions (#2032)
• See full diff in compare view

Updates dompurify from 3.4.2 to 3.4.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.3

• Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
• Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
• Updated the node iteration code to catch more Shadow DOM related issues
• Updated Playwright and added Node 26 to test matrix
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

Commits

• 520edb0 release: 3.4.3 (#1352)
• See full diff in compare view

Updates svelte from 5.55.1 to 5.55.5

Release notes

Sourced from svelte's releases.

svelte@5.55.5

Patch Changes

• fix: don't mark deriveds while an effect is updating (#18124)

• fix: do not dispatch introstart event with animation of animate directive (#18122)

svelte@5.55.4

Patch Changes

• fix: never mark a child effect root as inert (#18111)

• fix: reset context after waiting on blockers of @const expressions (#18100)

• fix: keep flushing new eager effects (#18102)

svelte@5.55.3

Patch Changes

• fix: ensure proper HMR updates for dynamic components (#18079)

• fix: correctly calculate @const blockers (#18039)

• fix: freeze deriveds once their containing effects are destroyed (#17921)

• fix: defer error boundary rendering in forks (#18076)

• fix: avoid false positives for reactivity loss warning (#18088)

svelte@5.55.2

Patch Changes

• fix: invalidate @const tags based on visible references in legacy mode (#18041)

• fix: handle parens in template expressions more robustly (#18075)

• fix: disallow -- in idPrefix (#18038)

• fix: correct types for ontoggle on <details> elements (#18063)

• fix: don't override $destroy/set/on instance methods in dev mode (#18034)

• fix: unskip branches of earlier batches after commit (#18048)

• fix: never set derived.v inside fork (#18037)

• fix: skip rebase logic in non-async mode (#18040)

• fix: don't reset status of uninitialized deriveds (#18054)

Changelog

Sourced from svelte's changelog.

5.55.5

Patch Changes

• fix: don't mark deriveds while an effect is updating (#18124)

• fix: do not dispatch introstart event with animation of animate directive (#18122)

5.55.4

Patch Changes

• fix: never mark a child effect root as inert (#18111)

• fix: reset context after waiting on blockers of @const expressions (#18100)

• fix: keep flushing new eager effects (#18102)

5.55.3

Patch Changes

• fix: ensure proper HMR updates for dynamic components (#18079)

• fix: correctly calculate @const blockers (#18039)

• fix: freeze deriveds once their containing effects are destroyed (#17921)

• fix: defer error boundary rendering in forks (#18076)

• fix: avoid false positives for reactivity loss warning (#18088)

5.55.2

Patch Changes

• fix: invalidate @const tags based on visible references in legacy mode (#18041)

• fix: handle parens in template expressions more robustly (#18075)

• fix: disallow -- in idPrefix (#18038)

• fix: correct types for ontoggle on <details> elements (#18063)

• fix: don't override $destroy/set/on instance methods in dev mode (#18034)

• fix: unskip branches of earlier batches after commit (#18048)

• fix: never set derived.v inside fork (#18037)

... (truncated)

Commits

• b771df3 Version Packages (#18125)
• 8e73190 fix: don't mark deriveds while an effect is updating (#18124)
• 51736e5 fix: do not dispatch transition event with animation (#18122)
• 7fddfbd Version Packages (#18105)
• 671fc2e fix: never mark a child effect root as inert (#18111)
• 0ed8c28 fix: reset context after waiting on blockers of @const expressions (#18100)
• 273f1a8 fix: keep flushing new eager effects (#18102)
• 4a50e8e Version Packages (#18085)
• 15588f5 fix: avoid false positives for reactivity loss warning (#18088)
• 0e9e76f fix: freeze deriveds once their containing effects are destroyed (#17921)
• Additional commits viewable in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates @playwright/test from 1.59.1 to 1.60.0

Release notes

Sourced from @​playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

• 87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
• 9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
• 4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
• f869f96 chore: bump version to v1.60.0 (#40714)
• 7eb6918 cherry-pick(#40710): docs: release notes v1.60
• 118d2aa cherry-pick(#40693): chore(python): formdata path type
• 54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
• 9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
• 3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
• bb6c009 chore(extension): mark 0.2.1 (#40679)
• Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.2.4 to 4.3.0

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

• 588bd73 4.3.0 (#20023)
• 12eb5ae Cleanup noisy test output (#20015)
• 4255671 Improve snapshot tests (#20013)
• 52f94c7 Improve codebase quality (#19999)
• d194d4c docs: fix various typos in comments and documentation (#19878)
• bfb5732 Fall back to the plugin base when PostCSS has no from option (#19980)
• 3a890c3 Bump dependencies (

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.