Skip to content

build(deps): bump the tester-minor-patch group across 1 directory with 9 updates#102

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/tester/tester-minor-patch-7c9474f580
Open

build(deps): bump the tester-minor-patch group across 1 directory with 9 updates#102
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/tester/tester-minor-patch-7c9474f580

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps the tester-minor-patch group with 6 updates in the /web/tester directory:

Package From To
dompurify 3.4.1 3.4.5
@tailwindcss/postcss 4.2.4 4.3.0
@vitest/browser 4.1.5 4.1.6
jsdom 29.1.0 29.1.1
postcss 8.5.12 8.5.14
vite 8.0.10 8.0.13

Updates dompurify from 3.4.1 to 3.4.5

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.5

  • Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

  • Added the selectedcontent element to default allow-list, thanks @​lukewarlow
  • Added the command and commandfor attributes to default allowed-list, thanks @​lukewarlow
  • Added better template scrubbing for IN_PLACE operations, thanks @​DEMON1A
  • Added stronger checks for cross-realm windows, thanks @​DEMON1A & @​fg0x0
  • Updated demo website and made sure it uses the latest from main
  • Updated existing workflows, fuzzer, dependabot, etc., added more tests
  • Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

  • Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
  • Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
  • Updated the node iteration code to catch more Shadow DOM related issues
  • Updated Playwright and added Node 26 to test matrix
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible

DOMPurify 3.4.2

  • Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
  • Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible
Commits

Updates @tailwindcss/postcss from 4.2.4 to 4.3.0

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.3.0

Added

  • Add @container-size utility (#18901)
  • Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
  • Add scrollbar-gutter-* utilities (#20018)
  • Add zoom-* utilities (#20020)
  • Add tab-* utilities (#20022)
  • Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
  • Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
  • Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

  • Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
  • Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
  • Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
  • Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
  • Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
  • Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))]w-[calc(100%-(--spacing(60)))]) (#19986)
  • Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in]mt-[-20in], not mt-[-1920px]) (#19988)
  • Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
  • Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1"style="flex-grow: 1", not style="grow: 1") (#19918)
  • Allow multiple @utility definitions with the same name but different value types (#19777)
  • Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
  • Ensure start and end legacy utilities without values do not generate CSS (#20003)
  • Ensure --value(…) is required in functional @utility definitions (#20005)
  • Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)
Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.3.0] - 2026-05-08

Added

  • Add @container-size utility (#18901)
  • Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
  • Add scrollbar-gutter-* utilities (#20018)
  • Add zoom-* utilities (#20020)
  • Add tab-* utilities (#20022)
  • Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
  • Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
  • Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

  • Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
  • Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
  • Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
  • Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
  • Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
  • Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))]w-[calc(100%-(--spacing(60)))]) (#19986)
  • Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in]mt-[-20in], not mt-[-1920px]) (#19988)
  • Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
  • Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1"style="flex-grow: 1", not style="grow: 1") (#19918)
  • Allow multiple @utility definitions with the same name but different value types (#19777)
  • Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
  • Ensure start and end legacy utilities without values do not generate CSS (#20003)
  • Ensure --value(…) is required in functional @utility definitions (#20005)
  • Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)
Commits

Updates @vitest/browser from 4.1.5 to 4.1.6

Release notes

Sourced from @​vitest/browser's releases.

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • See full diff in compare view

Updates jsdom from 29.1.0 to 29.1.1

Release notes

Sourced from jsdom's releases.

v29.1.1

  • Fixed 'border-radius' computed style serialization. (@​asamuzaK)
  • Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
  • Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)
Commits

Updates postcss from 8.5.12 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.
Changelog

Sourced from postcss's changelog.

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.
Commits

Updates tailwindcss from 4.2.4 to 4.3.0

Release notes

Sourced from tailwindcss's releases.

v4.3.0

Added

  • Add @container-size utility (#18901)
  • Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
  • Add scrollbar-gutter-* utilities (#20018)
  • Add zoom-* utilities (#20020)
  • Add tab-* utilities (#20022)
  • Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
  • Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
  • Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

  • Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
  • Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
  • Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
  • Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
  • Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
  • Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))]w-[calc(100%-(--spacing(60)))]) (#19986)
  • Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in]mt-[-20in], not mt-[-1920px]) (#19988)
  • Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
  • Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1"style="flex-grow: 1", not style="grow: 1") (#19918)
  • Allow multiple @utility definitions with the same name but different value types (#19777)
  • Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
  • Ensure start and end legacy utilities without values do not generate CSS (#20003)
  • Ensure --value(…) is required in functional @utility definitions (#20005)
  • Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)
Changelog

Sourced from tailwindcss's changelog.

[4.3.0] - 2026-05-08

Added

  • Add @container-size utility (#18901)
  • Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
  • Add scrollbar-gutter-* utilities (#20018)
  • Add zoom-* utilities (#20020)
  • Add tab-* utilities (#20022)
  • Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
  • Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
  • Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

  • Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
  • Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
  • Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
  • Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
  • Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
  • Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))]w-[calc(100%-(--spacing(60)))]) (#19986)
  • Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in]mt-[-20in], not mt-[-1920px]) (#19988)
  • Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
  • Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1"style="flex-grow: 1", not style="grow: 1") (#19918)
  • Allow multiple @utility definitions with the same name but different value types (#19777)
  • Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
  • Ensure start and end legacy utilities without values do not generate CSS (#20003)
  • Ensure --value(…) is required in functional @utility definitions (#20005)
  • Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)
Commits

Updates vite from 8.0.10 to 8.0.13

Release notes

Sourced from vite's releases.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.13 (2026-05-14)

Features

  • bundled-dev: add lazy bundling support (#21406) (4f0949f)
  • optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
  • update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

  • build: copy public directory after building same environment with write=false (#22328) (158e8ae)
  • css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
  • css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
  • make isBundled per environment (#22257) (a576326)
  • ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

8.0.12 (2026-05-11)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22420) (2be6000)
  • module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)
  • refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)
  • worker: apply build.target to worker bundle (#22404) (3c93fde)
  • worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

8.0.11 (2026-05-07)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22334) (672c962)
  • deps: update all non-major dependencies (#22382) (5c0cfcb)
  • glob: align hmr matcher options with glob enumeration (#22306) (30028f9)
  • make separate object instance for each environment (#22276) (7c2aa3b)

... (truncated)

Commits
  • a46f11a release: v8.0.13
  • d9b18e0 fix(ssr): avoid rewriting labels that collide with imports (#22451)
  • 4f0949f feat(bundled-dev): add lazy bundling support (#21406)
  • 158e8ae fix(build): copy public directory after building same environment with `write...
  • 47071ce feat(optimizer): improve the esbuild plugin converter to pass some properties...
  • 8e59c97 fix(css): keep deprecated name/originalFileName in synthetic `assetFileNa...
  • a576326 fix: make isBundled per environment (#22257)
  • 8c766a6 feat: update rolldown to 1.0.1 (#22444)
  • b7edcb7 fix(css): await sass/less/styl worker disposal on teardown (fix #22274) (#22275)
  • fcdc87c chore: update changelog (#22413)
  • Additional commits viewable in compare view

Updates vitest from 4.1.5 to 4.1.6

Release notes

Sourced from vitest's releases.

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.5 to 4.1.6

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the tester-minor-patch group across 1 directory wit…
2aa2f6a 
…h 9 updates

Bumps the tester-minor-patch group with 6 updates in the /web/tester directory:

| Package | From | To |
| --- | --- | --- |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.1` | `3.4.5` |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.4` | `4.3.0` |
| [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser) | `4.1.5` | `4.1.6` |
| [jsdom](https://github.com/jsdom/jsdom) | `29.1.0` | `29.1.1` |
| [postcss](https://github.com/postcss/postcss) | `8.5.12` | `8.5.14` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.10` | `8.0.13` |



Updates `dompurify` from 3.4.1 to 3.4.5
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.1...3.4.5)

Updates `@tailwindcss/postcss` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-postcss)

Updates `@vitest/browser` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/browser)

Updates `jsdom` from 29.1.0 to 29.1.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v29.1.0...v29.1.1)

Updates `postcss` from 8.5.12 to 8.5.14
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.12...8.5.14)

Updates `tailwindcss` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss)

Updates `vite` from 8.0.10 to 8.0.13
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite)

Updates `vitest` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/vitest)

Updates `@vitest/coverage-v8` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/coverage-v8)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: tester-minor-patch
- dependency-name: "@vitest/browser"
  dependency-version: 4.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
- dependency-name: jsdom
  dependency-version: 29.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
- dependency-name: postcss
  dependency-version: 8.5.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
- dependency-name: tailwindcss
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: tester-minor-patch
- dependency-name: vite
  dependency-version: 8.0.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
- dependency-name: vitest
  dependency-version: 4.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tester-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 18, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 18, 2026 10:20
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants