chore(deps): update tailwindcss monorepo to ^4.1.17

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@tailwindcss/postcss (source)	^4.1.5 -> ^4.1.17
tailwindcss (source)	^4.1.5 -> ^4.1.17

---

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.1.17

Compare Source

Fixed

• Substitute @variant inside legacy JS APIs (#​19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#​19242)

v4.1.16

Compare Source

Fixed

• Discard candidates with an empty data type (#​19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#​19176)
• Fix invalid colors due to nested & (#​19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#​19178)

v4.1.15

Compare Source

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#​19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#​19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#​19097)
• Allow named groups in combination with not-*, has-*, and in-* (#​19100)
• Prevent important utilities from affecting other utilities (#​19110)
• Don’t index into strings with the theme(…) function (#​19111)
• Fix parsing issue when \t is used in at-rules (#​19130)
• Upgrade: Canonicalize utilities containing 0 values (#​19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#​19157)

Changed

• Remove the postinstall script from oxide ([#​19149])(#​19149)

v4.1.14

Compare Source

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#​18888)
• Handle @variant inside @custom-variant (#​18885)
• Merge suggestions when using @utility (#​18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#​18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#​18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#​18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#​18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#​18918)
• Use default export condition for @tailwindcss/vite (#​18948)
• Re-throw errors from PostCSS nodes (#​18373)
• Detect classes in markdown inline directives (#​18967)
• Ensure files with only @theme produce no output when built (#​18979)
• Support Maud templates when extracting classes (#​18988)
• Upgrade: Do not migrate variant = 'outline' during upgrades (#​18922)
• Upgrade: Show version mismatch (if any) when running upgrade tool (#​19028)
• Upgrade: Ensure first class inside className is migrated (#​19031)
• Upgrade: Migrate classes inside *ClassName and *Class attributes (#​19031)

v4.1.13

Compare Source

Changed

• Drop warning from browser build (#​18731)
• Drop exact duplicate declarations when emitting CSS (#​18809)

Fixed

• Don't transition visibility when using transition (#​18795)
• Discard matched variants with unknown named values (#​18799)
• Discard matched variants with non-string values (#​18799)
• Show suggestions for known matchVariant values (#​18798)
• Replace deprecated clip with clip-path in sr-only (#​18769)
• Hide internal fields from completions in matchUtilities (#​18820)
• Ignore .vercel folders by default (can be overridden by @source … rules) (#​18855)
• Consider variants starting with @- to be invalid (e.g. @-2xl:flex) (#​18869)
• Do not allow custom variants to start or end with a - or _ (#​18867, #​18872)
• Upgrade: Migrate aria theme keys to @custom-variant (#​18815)
• Upgrade: Migrate data theme keys to @custom-variant (#​18816)
• Upgrade: Migrate supports theme keys to @custom-variant (#​18817)

v4.1.12

Compare Source

Fixed

• Don't consider the global important state in @apply (#​18404)
• Add missing suggestions for flex-<number> utilities (#​18642)
• Fix trailing ) from interfering with extraction in Clojure keywords (#​18345)
• Detect classes inside Elixir charlist, word list, and string sigils (#​18432)
• Track source locations through @plugin and @config (#​18345)
• Allow boolean values of process.env.DEBUG in @tailwindcss/node (#​18485)
• Ignore consecutive semicolons in the CSS parser (#​18532)
• Center the dropdown icon added to an input with a paired datalist by default (#​18511)
• Extract candidates in Slang templates (#​18565)
• Improve error messages when encountering invalid functional utility names (#​18568)
• Discard CSS AST objects with false or undefined properties (#​18571)
• Allow users to disable URL rebasing in @tailwindcss/postcss via transformAssetUrls: false (#​18321)
• Fix false-positive migrations in addEventListener and JavaScript variable names (#​18718)
• Fix Standalone CLI showing default Bun help when run via symlink on Windows (#​18723)
• Read from --border-color-* theme keys in divide-* utilities for backwards compatibility (#​18704)
• Don't scan .hdr and .exr files for classes by default (#​18734)

v4.1.11

Compare Source

Fixed

• Add heuristic to skip candidate migrations inside emit(…) (#​18330)
• Extract candidates with variants in Clojure/ClojureScript keywords (#​18338)
• Document --watch=always in the CLI's usage (#​18337)
• Add support for Vite 7 to @tailwindcss/vite (#​18384)

v4.1.10

Compare Source

Fixed

• Fix incorrectly generated CSS when using percentages in arbitrary values with calc (e.g. w-[calc(100%-var(--offset))]) (#​18289)

v4.1.9

Compare Source

Fixed

• Correctly parse custom properties with strings containing semicolons (#​18251)
• Upgrade: Migrate arbitrary modifiers without percentage signs to bare values (e.g. /[0.16] → /16) (#​18184)
• Upgrade: Migrate CSS variable shorthands where fallback value contains function call (#​18184)
• Upgrade: Migrate negative arbitrary values to negative bare values (e.g. mb-[-32rem] → -mb-128) (#​18212)
• Upgrade: Do not migrate blur in wire:model.blur (#​18216)
• Don't add spaces around CSS dashed idents when formatting math expressions (#​18220)

v4.1.8

Compare Source

Added

• Improve error messages when @apply fails (#​18059)

Fixed

• Upgrade: Do not migrate declarations that look like candidates in <style> blocks (#​18057, 18068)
• Upgrade: Don't error when looking for tailwindcss in pnpm monorepos (#​18065)
• Upgrade: Don't error when updating dependencies in pnpm monorepos (#​18065)
• Upgrade: Migrate deprecated order-none to order-0 (#​18126)
• Support Leptos class: attributes when extracting classes (#​18093)
• Fix "Cannot read properties of undefined" crash on malformed arbitrary value (#​18133)
• Upgrade: Migrate -mt-[0px] to mt-[0px] instead of the other way around (#​18154)
• Fix Haml pre-processing crash when there is no \n at the end of the file (#​18155)
• Ignore .pnpm-store folders by default (can be overridden by @source … rules) (#​18163)
• Fix PostCSS crash when calling toJSON() (#​18083)

v4.1.7

Compare Source

Added

• Upgrade: Migrate bare values to named values (#​18000)
• Upgrade: Added cache to improve template migration performance (#​18025)

Fixed

• Allow _ before numbers during candidate extraction (#​17961)
• Prevent duplicate suggestions when using @theme and @utility together (#​17675)
• Ensure that media queries within ::before and ::after pseudo selectors create valid CSS rules in production builds (#​17979)
• Ensure that the standalone CLI does not leave temporary files behind (#​17981)
• Ensure -rotate-* utilities properly negate arbitrary values (#​18014)
• Ignore custom variants using :merge(…) selectors in legacy JS plugins (#​18020)
• Ensure classes containing . are properly extracted from Clojure files (#​18038)
• Upgrade: Fix error when using @import … source(…) (#​17963)
• Upgrade: Change casing of utilities with named values to kebab-case to match updated theme variables (#​18017)
• Upgrade: Don't migrate strings that match utility names in Vue attribute bindings other than class (#​18025)

v4.1.6

Compare Source

Added

• Upgrade: Automatically convert arbitrary values to named values when possible (e.g. h-[1lh] to h-lh) (#​17831, #​17854)
• Upgrade: Update dependencies in parallel for improved performance (#​17898)
• Add detailed logging about @source directives, discovered files and scanned files when using DEBUG=* (#​17906, #​17952)
• Add support for generating source maps in development (#​17775)

Fixed

• Ensure negative arbitrary scale values generate negative values (#​17831)
• Fix HAML extraction with embedded Ruby (#​17846)
• Don't scan files for utilities when using @reference (#​17836)
• Fix incorrectly replacing _ with in arbitrary modifier shorthand bg-red-500/(--my_opacity) (#​17889)
• Don't scan .log files for classes by default (#​17906)
• Ensure that custom utilities applying other custom utilities don't swallow nested @apply rules (#​17925)
• Download platform specific package if optionalDependencies are skipped (#​17929)

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
are-we-react-19-yet	Error			Nov 18, 2025 11:35pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​eslint-config-next@​15.4.0-canary.55 ⏵ 16.0.2-canary.24	+1		+3	+1
	npm/​next@​15.4.0-canary.55 ⏵ 16.0.2-canary.24	+12	+13	+1	+1
	npm/​tailwindcss@​4.1.5 ⏵ 4.1.17			-1	+1
	npm/​@​tailwindcss/​postcss@​4.1.5 ⏵ 4.1.17			+20	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Install-time scripts: npm sharp during install Install script: install Source: node install/check.js || npm run build From: website/pnpm-lock.yaml → npm/[email protected] ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report