chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
@aws-sdk/client-s3	3.1053.0	3.1068.0
@aws-sdk/lib-storage	3.1053.0	3.1068.0
axios	1.16.1	1.18.0
react	19.2.6	19.2.7
@types/react	19.2.15	19.2.17
react-dom	19.2.6	19.2.7
react-router-dom	7.15.1	7.17.0
sharp	0.34.5	0.35.1
tailwindcss	4.3.0	4.3.1

Updates @aws-sdk/client-s3 from 3.1053.0 to 3.1068.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1068.0

3.1068.0(2026-06-12)

Documentation Changes

• client-iam: Updating documentation for select service-specific credential APIs (f572228a)

New Features

• clients: update client endpoints as of 2026-06-12 (3f89d039)
• client-acm: Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. (ca60b0f9)
• client-eks: Patches missing enum values for EKS updates (c2df34dc)
• client-sagemaker-runtime: Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. (c4e229dd)
• client-glue: Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. (f45445f9)
• client-firehose: Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. (80837cd3)
• client-bedrock-agentcore: Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (1c06496f)
• client-devops-agent: Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. (7139cf1e)
• client-bedrock-agentcore-control: Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (571ac1e7)

---

For list of updated packages, view updated-packages.md in assets-3.1068.0.zip

v3.1067.0

3.1067.0(2026-06-11)

Documentation Changes

• suggest UndiciHttpHandler as an alternative request handler (#8092) (bd18a9f0)

New Features

• client-eks: Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. (383363d5)
• client-omics: Adds support for workflowName in the ListRuns API response. (fa2f4604)
• client-neptune: Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations (ae089f94)
• client-bedrock-agentcore: Adds support to perform cross account data plane actions on an AgentCore Memory resource (8d92e480)
• client-healthlake: Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. (c74ab005)
• client-bedrock-agentcore-control: Supports deterministic metadata for AgentCore Memory (af7a995a)
• client-support: Adding new BDD representation of endpoint ruleset (cd9dac21)

---

For list of updated packages, view updated-packages.md in assets-3.1067.0.zip

v3.1066.0

3.1066.0(2026-06-10)

New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1068.0 (2026-06-12)

Note: Version bump only for package @​aws-sdk/client-s3

3.1067.0 (2026-06-11)

Note: Version bump only for package @​aws-sdk/client-s3

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/client-s3

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-s3

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-s3

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1062.0 (2026-06-04)

... (truncated)

Commits

• 0632f6d Publish v3.1068.0
• 0a3246f Publish v3.1067.0
• 4b11912 Publish v3.1066.0
• e4ef6c5 test: use crypto.randomUUID for resource names in e2e tests (#8091)
• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• Additional commits viewable in compare view

Updates @aws-sdk/lib-storage from 3.1053.0 to 3.1068.0

Release notes

Sourced from @​aws-sdk/lib-storage's releases.

v3.1068.0

3.1068.0(2026-06-12)

Documentation Changes

• client-iam: Updating documentation for select service-specific credential APIs (f572228a)

New Features

• clients: update client endpoints as of 2026-06-12 (3f89d039)
• client-acm: Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. (ca60b0f9)
• client-eks: Patches missing enum values for EKS updates (c2df34dc)
• client-sagemaker-runtime: Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. (c4e229dd)
• client-glue: Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. (f45445f9)
• client-firehose: Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. (80837cd3)
• client-bedrock-agentcore: Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (1c06496f)
• client-devops-agent: Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. (7139cf1e)
• client-bedrock-agentcore-control: Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (571ac1e7)

---

For list of updated packages, view updated-packages.md in assets-3.1068.0.zip

v3.1067.0

3.1067.0(2026-06-11)

Documentation Changes

• suggest UndiciHttpHandler as an alternative request handler (#8092) (bd18a9f0)

New Features

• client-eks: Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. (383363d5)
• client-omics: Adds support for workflowName in the ListRuns API response. (fa2f4604)
• client-neptune: Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations (ae089f94)
• client-bedrock-agentcore: Adds support to perform cross account data plane actions on an AgentCore Memory resource (8d92e480)
• client-healthlake: Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. (c74ab005)
• client-bedrock-agentcore-control: Supports deterministic metadata for AgentCore Memory (af7a995a)
• client-support: Adding new BDD representation of endpoint ruleset (cd9dac21)

---

For list of updated packages, view updated-packages.md in assets-3.1067.0.zip

v3.1066.0

3.1066.0(2026-06-10)

New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/lib-storage's changelog.

3.1068.0 (2026-06-12)

Note: Version bump only for package @​aws-sdk/lib-storage

3.1067.0 (2026-06-11)

Note: Version bump only for package @​aws-sdk/lib-storage

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/lib-storage

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/lib-storage

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/lib-storage

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/lib-storage

3.1062.0 (2026-06-04)

... (truncated)

Commits

• 0632f6d Publish v3.1068.0
• 0a3246f Publish v3.1067.0
• 4b11912 Publish v3.1066.0
• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• 71df2cc Publish v3.1061.0
• Additional commits viewable in compare view

Updates axios from 1.16.1 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

... (truncated)

Commits

• 2d06f96 chore(release): prepare release 1.18.0 (#11003)
• 32fc489 fix: malformed http urls (#11000)
• b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
• fe964f9 docs: mark proxy config as Node.js only (#10995)
• 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
• fae9d4e docs: clarify package update PR policy (#10992)
• 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
• a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
• 614f455 docs: publish v1.17.0 release notes (#10988)
• 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
• Additional commits viewable in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.15 to 19.2.17

Commits

• See full diff in compare view

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates react-router-dom from 7.15.1 to 7.17.0

Changelog

Sourced from react-router-dom's changelog.

v7.17.0

Patch Changes

• Updated dependencies:
  • react-router@7.17.0

v7.16.0

Patch Changes

• Remove stale/invalid unpkg field from package.json. This was removed from other packages with the release of v7 but missed in the react-router-dom re-export package (#15075)
• Updated dependencies:
  • react-router@7.16.0

Commits

• 195a0d0 Release v7.17.0 (#15145)
• 8984d23 Release v7.16.0 (#15105)
• 3ed77af chore: format
• e96962b fix: remove stale unpkg field from react-router-dom (#15075)
• See full diff in compare view

Updates sharp from 0.34.5 to 0.35.1

Release notes

Sourced from sharp's releases.

v0.35.1

• TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

• TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

• TypeScript: Ensure type definitions are published #4537

• WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

• Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

• Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

• Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

• Breaking: Add limitInputChannels with a default value of 5.

• Breaking: Remove deprecated failOnError constructor property.

• Breaking: Remove deprecated paletteBitDepth from metadata response.

• Breaking: Remove deprecated properties from sharpen operation.

• Breaking: Rename format.jp2k as format.jp2 for API consistency.

• Upgrade to libvips v8.18.3 for upstream bug fixes.

• Remove experimental status from WebAssembly binaries.

• Add prebuilt binaries for FreeBSD (WebAssembly).

• Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

• Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

• Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits

• d781a2d Release v0.35.1
• 84fa853 Prerelease v0.35.1-rc.1
• 21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
• 8deceb4 Docs: fix link in changelog (#4541)
• c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
• 3ec892f Prerelease v0.35.1-rc.0
• fbdeac5 CI: Run packaging linter on sub-packages
• 1da92b3 WebAssembly: Ensure wrapper file is published #4538
• 32c029e Add packaging linter to help prevent regression e.g. #4537
• 98dc1df TypeScript: Ensure type definitions are published #4537
• Additional commits viewable in compare view

Updates @types/react from 19.2.15 to 19.2.17

Commits

• See full diff in compare view

Updates tailwindcss from 4.3.0 to 4.3.1

Release notes

Sourced from tailwindcss's releases.

v4.3.1

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Changelog

Sourced from tailwindcss's changelog.

[4.3.1] - 2026-06-12

Added

• Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
• Allow @apply to be used with CSS mixins (#19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
• Allow @variant to be used inside addBase (#19480)
• Ensure @source globs with symlinks are preserved (#20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Commits

• 8a14a71 4.3.1 (#20226)
• 12833aa Fix canonicalization bug where we end up with a high precision number (#20221)
• 97a5b3a docs: fix double word 'to to' in test comment (#20216)
• d01e103 Add missing inset keyword for inset-shadow-none (#20208)
• ad66939 Allow @variant to be used inside addBase (#19480)
• efae52c Simplify CSS when using utilities that use a *-0 or *-1 value (#20196)
• 6b43b64 Canonicalization: limit arbitrary to bare values conversion (#20130)
• d4f24c5 Fix invalid canonicalization where 0\<unit> was migrated to 0 (#20127)
• 749c45e Expose index and siblings on walk context (#20109)
• 8dcdb66 Bump dependencies (#20095)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabo...

Description has been truncated

[cloudflare-workers-and-pages]

Deploying frameworks with    Cloudflare Pages

Latest commit:	58660ec
Status:	✅  Deploy successful!
Preview URL:	https://686b2f5e.frameworks-573.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-deve-74ba.frameworks-573.pages.dev

View logs