search

ROhta / bingo_next

GNU General Public License v3.0
0 stars 0 forks source link

[Snyk] Upgrade tailwindcss from 3.2.4 to 3.4.3 #477

Closed ROhta closed 1 month ago

ROhta commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade tailwindcss from 3.2.4 to 3.4.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **15 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2024-03-27. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Uncaught Exception
[SNYK-JS-YAML-5458867](https://snyk.io/vuln/SNYK-JS-YAML-5458867) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: tailwindcss
  • 3.4.3 - 2024-03-27

    Fixed

    • Revert changes to glob handling (#13384)
  • 3.4.2 - 2024-03-27

    Fixed

    • Ensure max specificity of 0,0,1 for button and input Preflight rules (#12735)
    • Improve glob handling for folders with (, ), [ or ] in the file path (#12715)
    • Split :has rules when using experimental.optimizeUniversalDefaults (#12736)
    • Sort arbitrary properties alphabetically across multiple class lists (#12911)
    • Add mix-blend-plus-darker utility (#12923)
    • Ensure dashes are allowed in variant modifiers (#13303)
    • Fix crash showing completions in Intellisense when using a custom separator (#13306)
    • Transpile import.meta.url in config files (#13322)
    • Reset letter spacing for form elements (#13150)
    • Fix missing xx-large and remove double x-large absolute size (#13324)
    • Don't error when encountering nested CSS unless trying to @ apply a class that uses nesting (#13325)
    • Ensure that arbitrary properties respect important configuration (#13353)
    • Change dark mode selector so @ apply works correctly with pseudo elements (#13379)
  • 3.4.1 - 2024-01-05

    Fixed

    • Don't remove keyframe stops when using important utilities (#12639)
    • Don't add spaces to gradients and grid track names when followed by calc() (#12704)
    • Restore old behavior for class dark mode strategy (#12717)

    Added

    • Add new selector and variant strategies for dark mode (#12717)

    Changed

    • Support rtl and ltr variants on same element as dir attribute (#12717)
  • 3.4.0 - 2023-12-19

    Tailwind CSS

    Tailwind CSS v3.4 has arrived! Check out the announcement post for a guided tour through all of the highlights.

    Added

    • Add svh, lvh, and dvh values to default height/min-height/max-height theme (#11317)
    • Add has-* variants for :has(...) pseudo-class (#11318)
    • Add text-wrap utilities including text-balance and text-pretty (#11320, #12031)
    • Extend default opacity scale to include all steps of 5 (#11832)
    • Update Preflight html styles to include shadow DOM :host pseudo-class (#11200)
    • Increase default values for grid-rows-* utilities from 1–6 to 1–12 (#12180)
    • Add size-* utilities (#12287)
    • Add utilities for CSS subgrid (#12298)
    • Add spacing scale to min-w-*, min-h-*, and max-w-* utilities (#12300)
    • Add forced-color-adjust utilities (#11931)
    • Add forced-colors variant (#11694, #12582)
    • Add appearance-auto utility (#12404)
    • Add logical property values for float and clear utilities (#12480)
    • Add * variant for targeting direct children (#12551)

    Changed

    • Simplify the sans font-family stack (#11748)
    • Disable the tap highlight overlay on iOS (#12299)
    • Improve relative precedence of rtl, ltr, forced-colors, and dark variants (#12584)
      </li>
  <li>
    <b>3.3.7</b> - <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases/tag/v3.3.7">2023-12-18</a></br><h3>Fixed</h3>
    • Fix support for container query utilities with arbitrary values (#12534)
    • Fix custom config loading in Standalone CLI (#12616)
      </li>
  <li>
    <b>3.3.6</b> - <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases/tag/v3.3.6">2023-12-04</a></br><h3>Fixed</h3>
    • Don’t add spaces to negative numbers following a comma (#12324)
    • Don't emit @ config in CSS when watching via the CLI (#12327)
    • Improve types for resolveConfig (#12272)
    • Ensure configured font-feature-settings for mono are included in Preflight (#12342)
    • Improve candidate detection in minified JS arrays (without spaces) (#12396)
    • Don't crash when given applying a variant to a negated version of a simple utility (#12514)
    • Fix support for slashes in arbitrary modifiers (#12515)
    • Fix source maps of variant utilities that come from an @ layer rule (#12508)
    • Fix loading of built-in plugins when using an ESM or TypeScript config with the Standalone CLI (#12506)
      </li>
  <li>
    <b>3.3.5</b> - <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases/tag/v3.3.5">2023-10-25</a></br><h3>Fixed</h3>
    • Fix incorrect spaces around - in calc() expression (#12283)
      </li>
  <li>
    <b>3.3.4</b> - <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases/tag/v3.3.4">2023-10-24</a></br><h3>Fixed</h3>
    • Improve normalisation of calc()-like functions (#11686)
    • Skip calc() normalisation in nested theme() calls (#11705)
    • Fix incorrectly generated CSS when using square brackets inside arbitrary properties (#11709)
    • Make content optional for presets in TypeScript types (#11730)
    • Handle variable colors that have variable fallback values (#12049)
    • Batch reading content files to prevent too many open files error (#12079)
    • Skip over classes inside :not(…) when nested in an at-rule (#12105)
    • Update types to work with Node16 module resolution (#12097)
    • Don’t crash when important and parent selectors are equal in @ apply (#12112)
    • Eliminate irrelevant rules when applying variants (#12113)
    • Improve RegEx parser, reduce possibilities as the key for arbitrary properties (#12121)
    • Fix sorting of utilities that share multiple candidates (#12173)
    • Ensure variants with arbitrary values and a modifier are correctly matched in the RegEx based parser (#12179)
    • Fix crash when watching renamed files on FreeBSD (#12193)
    • Allow plugins from a parent document to be used in an iframe (#12208)
    • Add types for tailwindcss/nesting (#12269)
    • Bump jiti, fast-glob, and browserlist dependencies (#11550)
    • Improve automatic var injection for properties that accept a <dashed-ident> (#12236)
      </li>
  <li>
    <b>3.3.3</b> - <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases/tag/v3.3.3">2023-07-13</a></br><h3>Fixed</h3>
    • Fix issue where some pseudo-element variants generated the wrong selector (#10943, #10962, #11111)
    • Make font settings propagate into buttons, inputs, etc. (#10940)
    • Fix parsing of theme() inside calc() when there are no spaces around operators (#11157)
    • Ensure repeating-conic-gradient is detected as an image (#11180)
    • Move unknown pseudo-elements outside of :is by default (#11345)
    • Escape animation names when prefixes contain special characters (#11470)
    • Don't prefix arbitrary classes in group and peer variants (#11454)
    • Sort classes using position of first matching rule (#11504)
    • Allow variant to be an at-rule without a prelude (#11589)
    • Make PostCSS plugin async to improve performance (#11548)
    • Don’t error when a config file is missing (f97759f)

    Added

    • Add aria-busy utility (#10966)

    Changed

    • Reset padding for <dialog> elements in preflight (#11069)
      </li>
  <li>
    <b>3.3.2</b> - <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases/tag/v3.3.2">2023-04-25</a></br><h3>Fixed</h3>
    • Don’t move unknown pseudo-elements to the end of selectors (#10943, #10962)
    • Inherit gradient stop positions when using variants (#11002)
    • Honor default to position of gradient when using implicit transparent colors (#11002)
    • Ensure @ tailwindcss/oxide doesn't leak in the stable engine (#10988)
    • Ensure multiple theme(spacing[5]) calls with bracket notation in arbitrary properties work (#11039)
    • Normalize arbitrary modifiers (#11057)

    Changed

    • Drop support for Node.js v12 (#11089)
      </li>
  <li>
    <b>3.3.1</b> - 2023-03-30
  </li>
  <li>
    <b>3.3.0</b> - 2023-03-28
  </li>
  <li>
    <b>3.2.7</b> - 2023-02-16
  </li>
  <li>
    <b>3.2.6</b> - 2023-02-08
  </li>
  <li>
    <b>3.2.5</b> - 2023-02-08
  </li>
  <li>
    <b>3.2.4</b> - 2022-11-11
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/tailwindlabs/tailwindcss/releases">tailwindcss GitHub release notes</a>

Commit messages
Package name: tailwindcss
  • f1f419a 3.4.3
  • e6c1082 Revert changes to glob handling (#13384)
  • 8430d8b 3.4.2
  • 8b4a2a6 Change dark selector so `@ apply` works correctly with pseudo elements (#13379)
  • 97607f1 Ensure that arbitrary properties respect `important` configuration (#13353)
  • c033f10 Update CHANGELOG.md
  • bda8421 Only detect nesting when using `@ apply` (#13325)
  • 3ba51d1 Remove leading space in `box-shadow`'s `addDefaults` call (#13334)
  • a53d854 Fix missing `xx-large` and remove double `x-large` absolute size (#13324)
  • ea90d3a Reset letter spacing for form elements (#13150)
  • b10b431 Transpile `import.meta.url` in config files (#13322)
  • 44b3b42 Cleanup oxide — Part #2 (#13312)
  • c28c718 Update esbuild to version 0.20.2 (#13315)
  • 27e4b65 Fix crash showing completions in Intellisense when using a custom separator (#13306)
  • 9b90c53 Cleanup oxide — Part #1 (#13304)
  • d56d241 Ensure dashes are allowed in variant modifiers (#13303)
  • 41e94eb Add missing `workflow_dispatch` (#13302)
  • 3eb8cab 🚨 [security] Update vite 4.3.2 → 5.1.6 (major) (#13287)
  • 3a466bc Update rollup to version 4.13.0 (#13279)
  • 41c90f6 Update sass to version 1.72.0 (#13296)
  • f5408d6 Fix failing integration tests in CI (#13300)
  • d86fd0b CI: Add provenance to all published packages (#13097)
  • de00a62 Update contributing
  • 4429ab8 Update CHANGELOG.md 3.4.1 release date (#13024)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs