chore(deps): bump the production-dependencies group with 18 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the production-dependencies group with 18 updates:

Package	From	To
@ai-sdk/anthropic	3.0.74	3.0.76
@ai-sdk/google	3.0.67	3.0.71
@ai-sdk/openai	3.0.58	3.0.63
@aws-sdk/client-s3	3.1041.0	3.1045.0
@better-auth/sso	1.6.9	1.6.10
@opentelemetry/api-logs	0.216.0	0.217.0
@opentelemetry/exporter-logs-otlp-http	0.216.0	0.217.0
@opentelemetry/sdk-logs	0.216.0	0.217.0
@posthog/nuxt	1.7.21	1.7.25
@tailwindcss/vite	4.2.4	4.3.0
ai	6.0.174	6.0.177
better-auth	1.6.9	1.6.10
nuxt	4.4.4	4.4.5
posthog-node	5.33.0	5.33.4
resend	6.12.2	6.12.3
tailwindcss	4.2.4	4.3.0
vue	3.5.33	3.5.34
zod	4.4.2	4.4.3

Updates @ai-sdk/anthropic from 3.0.74 to 3.0.76

Changelog

Sourced from @​ai-sdk/anthropic's changelog.

3.0.76

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

3.0.75

Patch Changes

• 3f06680: Remove stale effort-2025-11-24 beta header — the extended thinking effort parameter is GA and no longer requires the beta flag. Vertex AI's strict validator was actively rejecting requests with this header.

Commits

• e3ccdb5 Version Packages (#15094)
• 74a7a20 Version Packages (#15012)
• 3f06680 Backport: fix(anthropic): remove stale effort-2025-11-24 beta header (#15011)
• See full diff in compare view

Updates @ai-sdk/google from 3.0.67 to 3.0.71

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​3.0.71

Patch Changes

• 59530cf: fix(google): emit Vertex no-args streaming tool calls and preserve thoughtSignature

  Vertex emits a no-args function call as a single chunk shaped { functionCall: { name: 'X' } } with no args, no partialArgs, and no willContinue. The streaming parser had no branch for this shape, so the call was dropped along with any thoughtSignature it carried. For Gemini 3 thinking models this caused the next multi-turn step to 400 with missing thought_signature. The unary (doGenerate) path had the same drop.

  Both paths now emit the call as a complete tool call with '{}' input and propagate thoughtSignature provider metadata.

  Fixes #14847.

Changelog

Sourced from @​ai-sdk/google's changelog.

3.0.71

Patch Changes

• 59530cf: fix(google): emit Vertex no-args streaming tool calls and preserve thoughtSignature

  Vertex emits a no-args function call as a single chunk shaped { functionCall: { name: 'X' } } with no args, no partialArgs, and no willContinue. The streaming parser had no branch for this shape, so the call was dropped along with any thoughtSignature it carried. For Gemini 3 thinking models this caused the next multi-turn step to 400 with missing thought_signature. The unary (doGenerate) path had the same drop.

  Both paths now emit the call as a complete tool call with '{}' input and propagate thoughtSignature provider metadata.

  Fixes #14847.

3.0.70

Patch Changes

• 4f3f564: fix(provider/google): fix lack of image consistency when using Interactions API in stateless mode

3.0.69

Patch Changes

• bb377ba: fix(google): omit passing includeServerSideToolInvocations for Vertex tool_config
• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

3.0.68

Patch Changes

• e0f8c9e: feat(provider/google): add support for the Gemini Interactions API

Commits

• e70aab9 Version Packages (#15138)
• 59530cf Backport: fix(google): emit no-args streaming tool calls and preserve thought...
• 0288286 Version Packages (#15105)
• e3ccdb5 Version Packages (#15094)
• 4f3f564 Backport: fix(provider/google): fix lack of image consistency when using Inte...
• bb377ba Backport: fix(google): omit passing includeServerSideToolInvocations for Vert...
• 3a6aef7 Version Packages (#15072)
• e0f8c9e Backport: feat(provider/google): add support for the Gemini Interactions API ...
• See full diff in compare view

Updates @ai-sdk/openai from 3.0.58 to 3.0.63

Changelog

Sourced from @​ai-sdk/openai's changelog.

3.0.63

Patch Changes

• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27

3.0.62

Patch Changes

• 65edcca: feat: add allowedTools provider option for OpenAI Responses

3.0.61

Patch Changes

• b93f9b4: feat(provider/openai): forward imageDetail providerOptions on tool-result image content

3.0.60

Patch Changes

• 6dcd8e6: feat(openai): add GPT-5.5 chat model IDs

3.0.59

Patch Changes

• 38966ab: fix(openai, openai-compatible): only send null content for assistant messages with tool calls

Commits

• e3ccdb5 Version Packages (#15094)
• bf9de31 Version Packages (#15046)
• 65edcca Backport: feat(openai): add allowedTools provider option for Responses (#15044)
• ee37690 Version Packages (#15020)
• b93f9b4 Backport: feat(provider/openai): forward imageDetail providerOptions on tool-...
• c706111 Version Packages (#14971)
• 6dcd8e6 Backport: feat(openai): add GPT-5.5 chat model IDs (#14965)
• a1dddcc Version Packages (#14954)
• 38966ab backport v6: fix(openai, openai-compatible): only send null content for assis...
• See full diff in compare view

Updates @aws-sdk/client-s3 from 3.1041.0 to 3.1045.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1045.0

3.1045.0(2026-05-07)

Documentation Changes

• client-guardduty: This is a documentation update (1484574c)

New Features

• clients: update client endpoints as of 2026-05-07 (81310767)
• client-bcm-data-exports: With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift. (238da2c1)
• client-invoicing: Updated ListInvoiceSummaries API to add new ReceiverRole filter in Request and Response (60a448cb)
• client-bedrock-agentcore: Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). (1e1031a7)
• client-ec2: DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability. (70262433)
• client-bedrock-agentcore-control: Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). (fe5861ae)
• client-route53resolver: Adds supports for DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks. (8e6e18c6)

---

For list of updated packages, view updated-packages.md in assets-3.1045.0.zip

v3.1044.0

3.1044.0(2026-05-06)

New Features

• client-securityhub: Release GenerateRecommendedPolicyV2 and GetRecommendedPolicyV2 APIs. This supports generating and retrieving policy recommendations to remediate unused permissions findings that are now being supported on Security Hub. (772b8629)
• client-sagemaker: Amazon SageMaker HyperPod now returns ImageVersionStatus in DescribeCluster, DescribeClusterNode, and ListClusterNodes responses, indicating whether cluster instances are running the latest available image version. (2be7e6b4)
• client-glue: Adds support for a CustomLogGroupPrefix parameter in StartDataQualityRulesetEvaluationRun to specify custom CloudWatch log group paths, and a RulesetName filter in ListDataQualityRulesetEvaluationRuns to filter evaluation runs by ruleset name. (b95d850b)
• client-lex-models-v2: Amazon Lex V2 introduces audio filler support for speech-to-speech bots. Configure melody or typing sounds that play during backend processing to reduce perceived latency and maintain a natural conversational experience for callers. (01426f8e)
• client-bedrock-agentcore-control: Adds support for bring-your-own file system in AgentCore Runtime. Developers can mount Amazon S3 Files and Amazon EFS access points directly into agent sessions using filesystemConfigurations. (e20f24d9)
• client-s3: Validate outpost access point resource name (bee88a56)
• client-mwaa: Amazon MWAA now supports a PublicAndPrivate webserver access mode. The Airflow web server is accessible over both public and private endpoints, enabling workers in VPCs without internet access to reach the Task API privately while retaining public access to the Airflow UI. (3a6054ef)
• client-imagebuilder: The ImportDiskImage API now enforces a maximum character limit of 128 characters on the image name field. (7fc2565c)

Tests

• scripts: include type symbols in api snapshot test (#7985) (02f86176)

---

For list of updated packages, view updated-packages.md in assets-3.1044.0.zip

v3.1043.0

3.1043.0(2026-05-05)

New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/client-s3

3.1044.0 (2026-05-06)

Features

• client-s3: Validate outpost access point resource name (bee88a5)

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1042.0 (2026-05-04)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• bee88a5 feat(client-s3): Validate outpost access point resource name
• 96baad9 Publish v3.1043.0
• d942e31 Publish v3.1042.0
• See full diff in compare view

Updates @better-auth/sso from 1.6.9 to 1.6.10

Release notes

Sourced from @​better-auth/sso's releases.

v1.6.10

better-auth

Bug Fixes

• Exposed refreshUserSessions on the internal adapter (#7764)
• Fixed organization invitation roles to accept dynamic access control roles (#9437)
• Improved link accessibility (#9521)
• Fixed incorrect email casing in one-tap, email-otp, and email-verification flows (#9369)
• Fixed OpenAPI schema for POST /sign-in/social mis-declaring required fields (#9268)
• Added a warning when the cookie plugin is placed last in the plugins array (#9484)
• Fixed useSession not revalidating after admin impersonation starts or stops (#9402)
• Fixed duplicate Set-Cookie headers being emitted on redirect responses from social sign-in and magic-link endpoints (#9497)
• Fixed the bearer plugin writing duplicate cookie entries when merging the session token into request headers (#9387)
• Fixed captcha plugin breaking the email-otp flow (#8339)
• Fixed email enumeration protection not applying when emailAndPassword.autoSignIn is false (#8839)
• Fixed a TypeError caused by non-ASCII characters in OAuth error descriptions on redirect (#9065)
• Renamed internalAdapter.deleteAccount parameter from accountId to id to reflect that it queries by primary key (#9503)
• Fixed OAuth callbacks accepting a missing provider account ID, which could link accounts under an undefined id (#9456)
• Fixed cancelPendingInvitationsOnReInvite having no effect, where re-inviting the same email always returned USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION (#9453)
• Fixed a TS2742 type error caused by missing re-exports when using additionalFields in the organization plugin (#9349)
• Fixed useActiveMemberRole retaining a previous user's role after sign-out in SPA flows (#9440)
• Fixed setActiveTeam to only accept teams from the currently active organization (#9239)
• Added authClient.siwe.getNonce() as a compatibility alias for the SIWE nonce endpoint (#9461)
• Fixed callbackURL being ignored on signIn.username, so it now redirects correctly like signIn.email (#9475)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

• Fixed sessionId typing in refresh token types to be optional, matching the schema (#9324)
• Fixed stale prompt=login consent continuations not completing after a forced login
• Exported OAuth provider helper types needed for portable downstream TypeScript declaration emit (#9406)
• Fixed prompt=login not being honored after consent continuation, preventing session bypass (#9344)
• Added database indexes to OAuth provider foreign-key fields in generated schemas (#9389)

For detailed changes, see CHANGELOG

@better-auth/stripe

Bug Fixes

• Fixed onSubscriptionUpdate to receive the raw stripeSubscription object, and fixed onSubscriptionCancel to receive the post-update subscription row instead of a stale snapshot (#9354)
• Fixed getCheckoutSessionParams overriding internally managed Stripe Checkout Session fields such as success_url, cancel_url, customer, and line_items (#9481)
• Fixed onSubscriptionDeleted, onTrialEnd, and onTrialExpired receiving a stale pre-update subscription snapshot instead of the post-update row (#9356)
• Fixed getCheckoutSessionParams overriding free trial and internal metadata, which could hide trial periods and create duplicate subscription rows on webhook (#9474)
• Renamed internal subscription webhook variables for clarity (#9355)

... (truncated)

Changelog

Sourced from @​better-auth/sso's changelog.

1.6.10

Patch Changes

• #9398 006e809 Thanks @​Craga89! - fix(sso): use findSAMLProvider in spMetadata so defaultSSO providers resolve

  /sso/saml2/sp/metadata was the only SAML endpoint that called adapter.findOne directly, so providers configured via defaultSSO (which are not persisted to the database) caused it to throw NOT_FOUND. The endpoint now uses the shared findSAMLProvider helper, matching signInSSO, the SAML callback handler, and signOut.

• Updated dependencies [1e0f26d, 8c1e917, b2d655c, 09f1327, 906b7b3, e9c978e, e71aad3, 80a655d, 15ff28a, 88a7c67, 9a7b51d, 1b25902, cf59136, a597ee0, fc02ced, 9f1ef1f, 36ef808, c1336c5, 3a9a2c3, fde0432, 2220a6d]:

  • better-auth@1.6.10
  • @​better-auth/core@​1.6.10

Commits

• cbb5014 chore: release v1.6.10 (#9350)
• 006e809 fix(sso): use findSAMLProvider in spMetadata so defaultSSO works (#9398)
• See full diff in compare view

Updates @opentelemetry/api-logs from 0.216.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/api-logs's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Updates @opentelemetry/exporter-logs-otlp-http from 0.216.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/exporter-logs-otlp-http's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-logs from 0.216.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/sdk-logs's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Updates @posthog/nuxt from 1.7.21 to 1.7.25

Release notes

Sourced from @​posthog/nuxt's releases.

@​posthog/nuxt@​1.7.25

1.7.25

Patch Changes

• Updated dependencies [d120042, 94a5ba0]:
  • posthog-js@1.372.10
  • @​posthog/core@​1.28.4
  • posthog-node@5.33.4

@​posthog/nuxt@​1.7.24

1.7.24

Patch Changes

• Updated dependencies [026e09d]:
  • posthog-js@1.372.9
  • @​posthog/core@​1.28.3
  • posthog-node@5.33.3

@​posthog/nuxt@​1.7.23

1.7.23

Patch Changes

• Updated dependencies [220cd61, 255b273]:
  • @​posthog/core@​1.28.2
  • posthog-node@5.33.2
  • posthog-js@1.372.8

@​posthog/nuxt@​1.7.22

1.7.22

Patch Changes

• Updated dependencies [8aee3d5]:
  • @​posthog/core@​1.28.1
  • posthog-js@1.372.7
  • posthog-node@5.33.1

Changelog

Sourced from @​posthog/nuxt's changelog.

1.7.25

Patch Changes

• Updated dependencies [d120042, 94a5ba0]:
  • posthog-js@1.372.10
  • @​posthog/core@​1.28.4
  • posthog-node@5.33.4

1.7.24

Patch Changes

• Updated dependencies [026e09d]:
  • posthog-js@1.372.9
  • @​posthog/core@​1.28.3
  • posthog-node@5.33.3

1.7.23

Patch Changes

• Updated dependencies [220cd61, 255b273]:
  • @​posthog/core@​1.28.2
  • posthog-node@5.33.2
  • posthog-js@1.372.8

1.7.22

Patch Changes

• Updated dependencies [8aee3d5]:
  • @​posthog/core@​1.28.1
  • posthog-js@1.372.7
  • posthog-node@5.33.1

Commits

• 550b3bd chore: update versions and lockfile [version bump]
• fac0f9e chore: update versions and lockfile [version bump]
• 4b7edd3 chore: update versions and lockfile [version bump]
• e2f88e1 chore: update versions and lockfile [version bump]
• See full diff in compare view

Updates @tailwindcss/vite from 4.2.4 to 4.3.0

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.0

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
• Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
• Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
• Allow multiple @utility definitions with the same name but different value types (#19777)
• Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
• Ensure start and end legacy utilities without values do not generate CSS (#20003)
• Ensure --value(…) is required in functional @utility definitions (#20005)
• Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.0] - 2026-05-08

Added

• Add @container-size utility (#18901)
• Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
• Add scrollbar-gutter-* utilities (#20018)
• Add zoom-* utilities (#20020)
• Add tab-* utilities (#20022)
• Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
• Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
• Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

• Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
• Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
• Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
• Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
• Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
• Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
• Canonicalization: preserve the origin...

  Description has been truncated

[railway-app]

🚅 Deployed to the reqcore-pr-177 environment in applirank

Service	Status	Web	Updated (UTC)
applirank	✅ Success (View Logs)		May 11, 2026 at 4:56 am

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml