[Snyk] Upgrade tailwindcss from 3.4.17 to 4.1.7

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade tailwindcss from 3.4.17 to 4.1.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 72 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Directory Traversal SNYK-JS-SUPABASEAUTHJS-10255365	94	No Known Exploit

Release notes

Package name: tailwindcss

• 4.1.7 - 2025-05-15
  

  Added

  • Upgrade: Migrate bare values to named values (#18000)
  • Upgrade: Added cache to improve template migration performance (#18025)

  Fixed

  • Allow _ before numbers during candidate extraction (#17961)
  • Prevent duplicate suggestions when using @ theme and @ utility together (#17675)
  • Ensure that media queries within ::before and ::after pseudo selectors create valid CSS rules in production builds (#17979)
  • Ensure that the standalone CLI does not leave temporary files behind (#17981)
  • Ensure -rotate-* utilities properly negate arbitrary values (#18014)
  • Ignore custom variants using :merge(…) selectors in legacy JS plugins (#18020)
  • Ensure classes containing . are properly extracted from Clojure files (#18038)
  • Upgrade: Fix error when using @ import … source(…) (#17963)
  • Upgrade: Change casing of utilities with named values to kebab-case to match updated theme variables (#18017)
  • Upgrade: Don't migrate strings that match utility names in Vue attribute bindings other than class (#18025)
• 4.1.6 - 2025-05-09
  

  Added

  • Upgrade: Automatically convert arbitrary values to named values when possible (e.g. h-[1lh] to h-lh) (#17831, #17854)
  • Upgrade: Update dependencies in parallel for improved performance (#17898)
  • Add detailed logging about @ source directives, discovered files and scanned files when using DEBUG=* (#17906, #17952)
  • Add support for generating source maps in development (#17775)

  Fixed

  • Ensure negative arbitrary scale values generate negative values (#17831)
  • Fix HAML extraction with embedded Ruby (#17846)
  • Don't scan files for utilities when using @ reference (#17836)
  • Fix incorrectly replacing _ with in arbitrary modifier shorthand bg-red-500/(--my_opacity) (#17889)
  • Don't scan .log files for classes by default (#17906)
  • Ensure that custom utilities applying other custom utilities don't swallow nested @ apply rules (#17925)
  • Download platform specific package if optionalDependencies are skipped (#17929)
• 4.1.5 - 2025-04-30
  

  Added

  • Support using @ tailwindcss/upgrade to upgrade between versions of v4.* (#17717)
  • Add h-lh / min-h-lh / max-h-lh utilities (#17790)
  • Transition display, visibility, content-visibility, overlay, and pointer-events when using transition to simplify @ starting-style usage (#17812)

  Fixed

  • Don't scan .geojson or .db files for classes by default (#17700, #17711)
  • Hide default shadow suggestions when missing default shadow theme keys (#17743)
  • Replace _ with . in theme suggestions for @ utility if surrounded by digits (#17733)
  • Skip color-mix(…) when opacity is 100% (#17815)
  • PostCSS: Ensure that errors in imported stylesheets are recoverable (#17754)
  • Upgrade: Bump all Tailwind CSS related dependencies during upgrade (#17763)
  • Upgrade: Don't add - to variants starting with @ (#17814)
  • Upgrade: Don't format stylesheets that didn't change when upgrading (#17824)
• 4.1.4 - 2025-04-14
  

  Added

  • Add experimental @ tailwindcss/oxide-wasm32-wasi target for running Tailwind in browser environments like StackBlitz (#17558)

  Fixed

  • Ensure color-mix(…) polyfills do not cause used CSS variables to be removed (#17555)
  • Ensure color-mix(…) polyfills create fallbacks for theme variables that reference other theme variables (#17562)
  • Fix brace expansion in declining ranges like {10..0..5} and {0..10..-5} (#17591)
  • Work around a Chrome rendering bug when using the skew-* utilities (#17627)
  • Ensure container query variant names can contain hyphens (#17628)
  • Ensure shadow-inherit, inset-shadow-inherit, drop-shadow-inherit, and text-shadow-inherit inherit the shadow color (#17647)
  • Ensure compatibility with array tuples used in fontSize JS theme keys (#17630)
  • Ensure folders with binary file extensions in their names are scanned for utilities (#17595)
  • Upgrade: Convert fontSize array tuple syntax to CSS theme variables (#17630)
• 4.1.3 - 2025-04-04
  

  Fixed

  • Show warning when using unsupported bare value data type in --value(…) (#17464)
  • PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#17554)
  • Ensure classes are detected in Ruby's %w syntax in Slim templates (#17557)
• 4.1.2 - 2025-04-03
  

  Fixed

  • Don't rely on the presence of @ layer base to polyfill @ property (#17506)
  • Support setting multiple inset shadows as arbitrary values (#17523)
  • Fix drop-shadow-* utilities that are defined with multiple shadows (#17515)
  • PostCSS: Fix race condition when two changes are queued concurrently (#17514)
  • PostCSS: Ensure files containing @ tailwind utilities are processed (#17514)
  • Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#17513)
  • Fix slow incremental builds with @ tailwindcss/vite and @ tailwindcss/postscss (especially on Windows) (#17511)
  • Vite: Fix missing CSS file in Qwik setups (#17533)
• 4.1.1 - 2025-04-02
  

  Fixed

  • Disable padding in @ source inline(…) brace expansion (#17491)
  • Inject polyfills after @ import and body-less @ layer (#17493)
  • Ensure @ tailwindcss/cli does not contain an import for jiti (#17502)
• 4.1.0 - 2025-04-01
  

  Added

  • Add details-content variant (#15319)
  • Add inverted-colors variant (#11693)
  • Add noscript variant (#11929, #17431)
  • Add items-baseline-last and self-baseline-last utilities (#13888, #17476)
  • Add pointer-none, pointer-coarse, and pointer-fine variants (#16946)
  • Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#16941)
  • Add safe alignment utilities (#14607)
  • Add user-valid and user-invalid variants (#12370)
  • Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#12128)
  • Add @ source inline(…) and @ source not inline(…) (#17147)
  • Add @ source not "…" (#17255)
  • Add text-shadow-* utilities (#17389)
  • Add mask-* utilities (#17134)
  • Add bg-{position,size}-* utilities for arbitrary values (#17432)
  • Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#17398, #17434)
  • Add drop-shadow-<color> utilities (#17434)
  • Improve compatibility with older versions of Safari and Firefox (#17435)

  Fixed

  • Follow symlinks when resolving @ source directives (#17391)
  • Don't scan ignored files for classes when changing an ignored file triggers a rebuild using @ tailwindcss/cli (#17255)
  • Support negated content rules in legacy JavaScript configuration (#17255)
  • Interpret syntax like @("@")md:… as @ md:… in Razor files (#17427)
  • Disallow top-level braces, top-level semicolons, and unbalanced parentheses and brackets in arbitrary values (#17361)
  • Ensure the --theme(…) function still resolves to the CSS variables when using legacy JS plugins (#17458)
  • Detect used theme variables in CSS module files (#17433, #17467)

  Changed

  • Ignore node_modules by default (can be overridden by @ source … rules) (#17255)
  • @ source rules that include file extensions or point inside node_modules/ folders no longer consider your .gitignore rules (#17255)
  • Deprecate bg-{left,right}-{top,bottom} in favor of bg-{top,bottom}-{left,right} utilities (#17378)
  • Deprecate object-{left,right}-{top,bottom} in favor of object-{top,bottom}-{left,right} utilities (#17437)
• 4.0.17 - 2025-03-26
  

  Fixed

  • Fix an issue causing the CLI to hang when processing Ruby files (#17383)
• 4.0.16 - 2025-03-25
• 4.0.15 - 2025-03-20
• 4.0.14 - 2025-03-13
• 4.0.13 - 2025-03-11
• 4.0.12 - 2025-03-07
• 4.0.11 - 2025-03-06
• 4.0.10 - 2025-03-05
• 4.0.9 - 2025-02-25
• 4.0.8 - 2025-02-21
• 4.0.7 - 2025-02-18
• 4.0.6 - 2025-02-10
• 4.0.5 - 2025-02-08
• 4.0.4 - 2025-02-06
• 4.0.3 - 2025-02-01
• 4.0.2 - 2025-01-31
• 4.0.1 - 2025-01-29
• 4.0.0 - 2025-01-21
• 4.0.0-beta.10 - 2025-01-21
• 4.0.0-beta.9 - 2025-01-09
• 4.0.0-beta.8 - 2024-12-17
• 4.0.0-beta.7 - 2024-12-13
• 4.0.0-beta.6 - 2024-12-06
• 4.0.0-beta.5 - 2024-12-04
• 4.0.0-beta.4 - 2024-11-29
• 4.0.0-beta.3 - 2024-11-27
• 4.0.0-beta.2 - 2024-11-22
• 4.0.0-beta.1 - 2024-11-21
• 4.0.0-alpha.36 - 2024-11-21
• 4.0.0-alpha.35 - 2024-11-20
• 4.0.0-alpha.34 - 2024-11-14
• 4.0.0-alpha.33 - 2024-11-12
• 4.0.0-alpha.32 - 2024-11-11
• 4.0.0-alpha.31 - 2024-10-30
• 4.0.0-alpha.30 - 2024-10-24
• 4.0.0-alpha.29 - 2024-10-23
• 4.0.0-alpha.28 - 2024-10-17
• 4.0.0-alpha.27 - 2024-10-15
• 4.0.0-alpha.26 - 2024-10-03
• 4.0.0-alpha.25 - 2024-09-24
• 4.0.0-alpha.24 - 2024-09-12
• 4.0.0-alpha.23 - 2024-09-05
• 4.0.0-alpha.22 - 2024-09-05
• 4.0.0-alpha.21 - 2024-09-02
• 4.0.0-alpha.20 - 2024-08-23
• 4.0.0-alpha.19 - 2024-08-09
• 4.0.0-alpha.18 - 2024-07-25
• 4.0.0-alpha.17 - 2024-07-04
• 4.0.0-alpha.16 - 2024-06-07
• 4.0.0-alpha.15 - 2024-05-08
• 4.0.0-alpha.14 - 2024-04-09
• 4.0.0-alpha.13 - 2024-04-04
• 4.0.0-alpha.12 - 2024-04-04
• 4.0.0-alpha.11 - 2024-03-27
• 4.0.0-alpha.10 - 2024-03-21
• 4.0.0-alpha.9 - 2024-03-13
• 4.0.0-alpha.8 - 2024-03-11
• 4.0.0-alpha.7 - 2024-03-08
• 4.0.0-alpha.6 - 2024-03-07
• 4.0.0-alpha.5 - 2024-03-06
• 4.0.0-alpha.4 - 2024-03-06
• 4.0.0-alpha.3 - 2024-03-06
• 4.0.0-alpha.2 - 2024-03-06
• 4.0.0-alpha.1 - 2024-03-05
• 3.4.17 - 2024-12-17

from tailwindcss GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade Tailwind CSS dependency to the latest v4.1.7 release to incorporate upstream fixes and improvements and resolve a known security vulnerability.

Bug Fixes:

• Address SNYK-JS-SUPABASEAUTHJS directory traversal vulnerability by bumping the dependency.

Enhancements:

• Upgrade tailwindcss from v3.4.17 to v4.1.7.

[sourcery-ai]

Reviewer's Guide

This PR bumps the Tailwind CSS dependency in the dashboard package from v3 to v4 by updating its version specifier in package.json, triggering a major-version install that may introduce breaking changes in styles or configuration.

State Diagram: Tailwind CSS Version Update in dashboard/package.json

stateDiagram-v2
    direction LR
    state "Version: ^3.4.3" as V3_CSS
    state "Version: ^4.1.7" as V4_CSS

    [*] --> V3_CSS : Current `tailwindcss` version
    V3_CSS --> V4_CSS : PR upgrades dependency
    V4_CSS --> [*] : Updated state

Loading

File-Level Changes

Change	Details	Files
Upgrade Tailwind CSS to v4.1.7	Updated the tailwindcss version specifier from ^3.4.3 to ^4.1.7	dashboard/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.