Skip to content

chore(deps): bump the dependencies group with 5 updates#361

Merged
sertxudev merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-fff9792857
May 3, 2026
Merged

chore(deps): bump the dependencies group with 5 updates#361
sertxudev merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-fff9792857

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 5 updates:

Package From To
puppeteer 24.41.0 24.42.0
@tailwindcss/vite 4.2.2 4.2.4
axios 1.15.1 1.15.2
tailwindcss 4.2.2 4.2.4
vite 8.0.8 8.0.10

Updates puppeteer from 24.41.0 to 24.42.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.42.0

24.42.0 (2026-04-20)

🎉 Features

🛠️ Fixes

  • remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
  • roll to Chrome 147.0.7727.57 (#14869) (51c4305)

puppeteer: v24.42.0

24.42.0 (2026-04-20)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 24.41.0 to 24.42.0
Changelog

Sourced from puppeteer's changelog.

24.42.0 (2026-04-20)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 24.41.0 to 24.42.0

🎉 Features

🛠️ Fixes

  • remove PartitionAllocSchedulerLoopQuarantineTaskControlledPurge from disabled features (#14872) (c9909a5)
  • roll to Chrome 147.0.7727.57 (#14869) (51c4305)
Commits

Updates @tailwindcss/vite from 4.2.2 to 4.2.4

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.2.4] - 2026-04-21

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

  • Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/vite since your current version.


Updates axios from 1.15.1 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog


Commits

Updates tailwindcss from 4.2.2 to 4.2.4

Release notes

Sourced from tailwindcss's releases.

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Changelog

Sourced from tailwindcss's changelog.

[4.2.4] - 2026-04-21

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

  • Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)
  • Add .env and .env.* to default ignored content files (#19846)
  • Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
  • Canonicalization: migrate start-fullinset-s-full, start-autoinset-s-auto, start-pxinset-s-px, and start-<number>inset-s-<number> as well as negative versions (#19849)
  • Canonicalization: migrate end-fullinset-e-full, end-autoinset-e-auto, end-pxinset-e-px, and end-<number>inset-e-<number> as well as negative versions (#19849)
  • Canonicalization: move the - sign inside the arbitrary value -left-[9rem]left-[-9rem] (#19858)
  • Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))]-ml-(--width) (#19858)
  • Improve performance when scanning JSONL / NDJSON files (#19862)
  • Support NODE_PATH environment variable in standalone CLI (#19617)
Commits

Updates vite from 8.0.8 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

Bug Fixes

  • hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)
  • css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)
  • optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)
  • remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

8.0.9 (2026-04-20)

Features

Bug Fixes

  • allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
  • build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
  • bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
  • css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
  • deps: update all non-major dependencies (#22219) (4cd0d67)
  • deps: update all non-major dependencies (#22268) (c28e9c1)
  • detect Deno workspace root (fix #22237) (#22238) (1b793c0)
  • dev: handle errors in watchChange hook (#22188) (fc08bda)
  • optimizer: handle more chars that will be sanitized (#22208) (3f24533)
  • skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

Miscellaneous Chores

  • deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)
Commits
  • 32c2978 release: v8.0.10
  • a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
  • a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
  • 83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
  • b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
  • 40a0847 refactor: typecheck client directory (#22284)
  • 5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
  • 9437518 refactor: enable some typecheck rules (#22278)
  • ce729f5 release: v8.0.9
  • 605bb97 docs: update build CLI defaults (#22261)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added the dependencies Updates project dependencies label May 2, 2026
Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `24.41.0` | `24.42.0` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.2.2` | `4.2.4` |
| [axios](https://github.com/axios/axios) | `1.15.1` | `1.15.2` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.2` | `4.2.4` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.8` | `8.0.10` |


Updates `puppeteer` from 24.41.0 to 24.42.0
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v24.41.0...puppeteer-v24.42.0)

Updates `@tailwindcss/vite` from 4.2.2 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/@tailwindcss-vite)

Updates `axios` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.1...v1.15.2)

Updates `tailwindcss` from 4.2.2 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/tailwindcss)

Updates `vite` from 8.0.8 to 8.0.10
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite)

---
updated-dependencies:
- dependency-name: puppeteer
  dependency-version: 24.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tailwindcss
  dependency-version: 4.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: vite
  dependency-version: 8.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@sertxudev sertxudev force-pushed the dependabot/npm_and_yarn/dependencies-fff9792857 branch from 2f8b7ad to 5e0fbb3 Compare May 3, 2026 08:41
@sertxudev sertxudev merged commit 324e9c0 into main May 3, 2026
4 checks passed
@sertxudev sertxudev deleted the dependabot/npm_and_yarn/dependencies-fff9792857 branch May 3, 2026 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Updates project dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant