chore(deps): bump the minor-updates group across 1 directory with 7 updates

[dependabot]

Bumps the minor-updates group with 7 updates in the / directory:

Package	From	To
@tanstack/react-query	5.90.21	5.95.0
framer-motion	12.34.0	12.38.0
graphql	16.12.0	16.13.1
viem	2.46.1	2.47.6
@tailwindcss/postcss	4.1.18	4.2.2
lint-staged	16.2.7	16.4.0
tailwindcss	4.1.18	4.2.2

Updates @tanstack/react-query from 5.90.21 to 5.95.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.0
  • @​tanstack/react-query@​5.95.0

@​tanstack/react-query-next-experimental@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.95.0

@​tanstack/react-query-persist-client@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.95.0
  • @​tanstack/react-query@​5.95.0

@​tanstack/react-query@​5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

@​tanstack/react-query-devtools@​5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-devtools@​5.94.5
  • @​tanstack/react-query@​5.94.5

@​tanstack/react-query-next-experimental@​5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/react-query@​5.94.5

@​tanstack/react-query-persist-client@​5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-persist-client-core@​5.94.5

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-core@​5.94.5

5.94.4

Patch Changes

• chore: fixed version (#10064)

• Updated dependencies [4c75210]:

  • @​tanstack/query-core@​5.94.4

5.91.3

Patch Changes

• fix: stop node types from leaking into browser (#10302)

5.91.2

Patch Changes

• fix(streamedQuery): maintain error state on reset refetch with initialData defined (#10287)

• Updated dependencies [248975e]:

  • @​tanstack/query-core@​5.91.2

5.91.1

Patch Changes

• fix(core): cancel paused initial fetch when last observer unsubscribes (#10291)

• Updated dependencies [a89aab9]:

  • @​tanstack/query-core@​5.91.1

5.91.0

... (truncated)

Commits

• 4d7de83 ci: Version Packages (#10317)
• 8fe71e4 ci: Version Packages (#10313)
• c613c22 ci: Version Packages (#10309)
• 9346430 ci: changeset release
• be3746f fix: stop node types from leaking into browser (#10302)
• b6fd86b ci: Version Packages (#10297)
• 79e37cb ci: Version Packages (#10296)
• a89aab9 fix(core): cancel paused initial fetch when last observer unsubscribes (#10291)
• 3761d2b ci: Version Packages (#10290)
• 6fa901b feat/environmentManager (#10199)
• Additional commits viewable in compare view

Updates framer-motion from 12.34.0 to 12.38.0

Changelog

Sourced from framer-motion's changelog.

[12.38.0] 2026-03-16

Added

• Added layoutAnchor prop to configure custom anchor point for resolving relative projection boxes.

Fixed

• Reorder: Fix axis switching after window resize.
• Reorder: Fix with virtualised lists.
• AnimatePresence: Ensure children are removed when exit animation matches current values.

[12.37.0] 2026-03-16

Added

• Support for hardware accelerating "start" and "end" offsets in scroll and useScroll.
• Support for oklch, oklab, lab, lch, color, color-mix, light-dark color types.

Fixed

• Fix whileInView with client-side navigation.
• Fix draggable elements when layout updates due to surrounding element re-renders.
• Improved memory pressure of layout animations.
• Ensure motion value returned from useSpring reports correct isAnimating().

[12.36.0] 2026-03-09

Added

• Allow dragSnapToOrigin to accept "x" or "y" for per-axis snapping.
• Added axis-locked layout animations with layout="x" and layout="y".
• Added skipInitialAnimation to useSpring.

Fixed

• Fixed height and width: auto animations with box-sizing: border-box.
• Reset component values when exit animation finishes.
• Ensure anticipate easing returns 1 at p === 1.
• Fix @emotion/is-prop-valid resolve error in Storybook.
• Remove data-pop-layout-id from exiting elements when animation interrupted.
• Ensure we skip WAAPI for non-animatable keyframes.
• Ensure we skip WAAPI for SVG transforms.
• Ensure MotionValue props are not passed to SVG.
• AnimatePresence: Prevent mode="wait" elements from getting stuck when switched rapidly.

[12.35.2] 2026-03-09

Fixed

... (truncated)

Commits

• 0bfc9fe v12.38.0
• 343cb0c Updating layoutAnchor
• ee99ad2 Updating changelog
• 062660b Updating changgelog
• 303da7d Updating readme
• b075adc Merge pull request #3647 from motiondivision/feat/layout-anchor
• f0991d6 Add missing layoutAnchor !== false guard in attemptToResolveRelativeTarget
• b5798e9 Merge pull request #3642 from motiondivision/worktree-fix-issue-3078
• 7686c19 Merge pull request #3636 from motiondivision/worktree-fix-issue-3061
• a95c487 Fix auto-scroll in reorder-virtualized test page
• Additional commits viewable in compare view

Updates graphql from 16.12.0 to 16.13.1

Release notes

Sourced from graphql's releases.

v16.13.1 (2026-03-04)

First 16.x.x release with trusted publishing and provenance, see: https://docs.npmjs.com/trusted-publishers for additional information.

Docs 📝

• #4433 docs: move migrate from express graphql guide to graphqlJS docs (@​sarahxsanders)

Internal 🏠

• #4608 internal: backport new release flow from 17.x.x (@​yaacovCR)
• #4610 internal: pin node version for release action (@​yaacovCR)

Committers: 2

• Sarah Sanders(@​sarahxsanders)
• Yaacov Rydzinski (@​yaacovCR)

16.13.0

v16.13.0 (2026-02-24)

New Feature 🚀

• #4458 Sibling errors should not be added after propagation (@​yaacovCR)

Bug Fix 🐞

• #4336 add deprecated note to assertValidExecutionArguments (@​yaacovCR)
• #4517 fix(validation): incorrect validation errors when variable descriptions are used (@​phryneas)

Internal 🏠

• #4506 Version packages (@​JoviDeCroock)
• #4514 chore: always ignore scripts (@​benjie)
• #4524 update contributing (@​yaacovCR)

Committers: 4

• Benjie(@​benjie)
• Jovi De Croock(@​JoviDeCroock)
• Lenz Weber-Tronic(@​phryneas)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• 3b5c3f9 internal: pin node version for release action (#4610)
• 6dee435 chore(release): v16.13.1 (#4609)
• c2ad5c6 internal: backport new release flow from 17.x.x (#4608)
• adff4e6 docs: move migrate from express graphql guide to graphqlJS docs (#4433)
• 7569989 16.13.0
• 49450d8 Revert "deprecate (internal) buildResolveInfo in favor of (internal) ResolveI...
• 4149722 deprecate (internal) buildResolveInfo in favor of (internal) ResolveInfo clas...
• 4c057eb add deprecated note to assertValidExecutionArguments (#4336)
• 3f8f27a fix(validation): incorrect validation errors when variable descriptions are u...
• b34a4cd update contributing (#4524)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for graphql since your current version.

Updates viem from 2.46.1 to 2.47.6

Release notes

Sourced from viem's releases.

viem@2.47.6

Patch Changes

• 09d9f3520ce8837cb352e0bf3a7d735b511abd6f Thanks @​jxom! - Updated Ox

• #4401 928ae87a32a13c72c9adf9390172d7b92bf99ce7 Thanks @​ndavd! - Ensured that dataSuffix is applied to all transactions regardless of data presence.

• #4405 4ad0de0ebc543a9054bd7d57976eede1d3612440 Thanks @​jxom! - Added mode parameter to verifyMessage and verifyHash.

viem@2.47.5

Patch Changes

• #4376 64383c9e53cb42e5c371cc8da5a91cdfa47a3331 Thanks @​nowooj! - Added CONX chain.

• #4377 94248ab65c00c6254158e4cd985d8f5eec41f870 Thanks @​Aboudjem! - Fixed unbounded LRU cache growth on iOS 18+.

• a168f08272962f495306f72301a9d6c148428564 Thanks @​tmm! - Updated chain definition.

• #4391 a8c8e6ed4ee40f6259899742a2be20d0772841ce Thanks @​mohamedhesham840! - Fixed incorrect error message for PaymasterStakeTooLowError (code -32505)

• #4403 e8435e340592986fcd9c21a7626ff40b1af1e850 Thanks @​GuillermoEscobero! - Removed Zircuit Mainnet deprecated RPCs and Zircuit old testnet.

• #4385 ee1f2950dc5f8bf51ed9682ac0e9c4d9ef96a7bf Thanks @​pxrl! - Defined DisputeGameFactory for Lisk, Mode & Zora

• #4388 60f701f16217ef099c25184be97dc0e70e686b40 Thanks @​alcuadrado! - Added error preservation in getContractError.

viem@2.47.4

Patch Changes

• 6c3dc97e9d19718580ea8aa4db04f5e065594a49 Thanks @​jxom! - Updated Ox.

viem@2.47.2

Patch Changes

• 1b522780cd9c24339a2d01dbc6ee9638ebf7143c Thanks @​jxom! - Updated ox to 0.14.1.

viem@2.47.1

Patch Changes

• #4383 66457cbb5de7a3086732f9016af798c9ec5222a5 Thanks @​jxom! - Changed default internal_version on access keys to v2.

viem@2.47.0

Minor Changes

• 1adb83804d5f6c3f36d5f293de88532330d52dc7 Thanks @​jxom! - Breaking (viem/tempo): chainId is now required when signing access key authorizations with signKeyAuthorization. It is recommended to use client.accessKey.signAuthorization instead for inferred chain ID.

  import { client } from './viem.config'
  import { Account } from 'viem/tempo'

... (truncated)

Commits

• 3cab404 chore: version package (#4406)
• 1fa5f35 ci: up
• 97d36ef chore: deps
• 09d9f35 chore: up ox
• 0f7837c chore: fmt
• 68e5841 fix: detect 'eth_fillTransaction is not available' as unsupported
• 928ae87 fix: apply dataSuffix from sendTransaction when data is undefined (#4401)
• 4ad0de0 feat: add mode to verifyMessage / verifyHash (#4405)
• 07a1916 tests: up
• 396c13e ci: up
• Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.1.18 to 4.2.2

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)

... (truncated)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.2.2] - 2026-03-18

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Add support for Vite 8 in @tailwindcss/vite (#19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)
• Resolve tsconfig paths to allow for @import '@/path/to/file'; when using @tailwindcss/vite (#19803)

[4.2.1] - 2026-02-23

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)

... (truncated)

Commits

• d596b0c 4.2.2 (#19821)
• faa5e88 Cleanup inconsistencies related to (regex) escapes (#19804)
• 1dce64e 4.2.1 (#19714)
• 1b16411 4.2.0 (#19695)
• d9fff9f docs: update package README CI badge to main (#19692)
• 8ed67bf Fix Tailwind CSS package README GitHub links (#19644)
• 1638f35 Bump dependencies (#19608)
• bccf4bb Add @​tailwindcss/webpack loader for Tailwind CSS v4 (#19610)
• 8d5e955 Update dedent 1.7.0 → 1.7.1 (patch) (#19484)
• See full diff in compare view

Updates lint-staged from 16.2.7 to 16.4.0

Release notes

Sourced from lint-staged's releases.

v16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• 445f9dd chore(changeset): release
• d91be60 docs: update readme to use picomatch
• b392a9f refactor: extract matchFiles and add unit tests
• 687fc90 refactor: replace micromatch with picomatch
• 26dadf9 chore(changeset): release
• 9d6e827 build(deps): update dependencies
• 8aea986 chore(changeset): release
• 0109e8d fix: strip Git CRLF warning from output
• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• Additional commits viewable in compare view

Updates tailwindcss from 4.1.18 to 4.2.2

Release notes

Sourced from tailwindcss's releases.

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.2.2] - 2026-03-18

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Add support for Vite 8 in @tailwindcss/vite (#19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)
• Resolve tsconfig paths to allow for @import '@/path/to/file'; when using @tailwindcss/vite (#19803)

[4.2.1] - 2026-02-23

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly brace...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
yearnfi	Ready	Preview, Comment	Mar 30, 2026 7:45pm

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 46e1d29.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

package.json

Package	Version	License	Issue Type
viem	2.47.6	Null	Unknown License

Allowed Licenses:

MIT, Apache-2.0, BSD-3-Clause, BSD-2-Clause, ISC, CC0-1.0, CC-BY-3.0, CC-BY-4.0, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
npm/@tailwindcss/postcss	4.2.2	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@tanstack/react-query	5.95.2	Unknown	Unknown
npm/framer-motion	12.38.0	Unknown	Unknown
npm/graphql	16.13.2	🟢 7.8	Details Check Score Reason Code-Review 🟢 5 Found 15/29 approved changesets -- score normalized to 5 Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits
npm/lint-staged	16.4.0	Unknown	Unknown
npm/tailwindcss	4.2.2	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/viem	2.47.6	Unknown	Unknown

Scanned Files

• package.json

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	tailwindcss@​4.1.18 ⏵ 4.2.2	+1		+1
	@​tanstack/​react-query@​5.90.21 ⏵ 5.95.2	+1		+1	+2
	lint-staged@​16.2.7 ⏵ 16.4.0	+1
	viem@​2.46.1 ⏵ 2.47.6	-1		+1	-1
	framer-motion@​12.34.0 ⏵ 12.38.0			+1
	graphql@​16.12.0 ⏵ 16.13.2	+1			+1
	@​tailwindcss/​postcss@​4.1.18 ⏵ 4.2.2	+1

View full report