@nerdy-tech-com-gitub
Owner

Snyk has created this PR to upgrade tailwindcss from 3.3.2 to 4.1.14.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 103 versions ahead of your current version.

  • The recommended version was released a month ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Excessive Platform Resource Consumption within a Loop | SNYK-JS-BRACES-6838727 | 57 | Proof of Concept |
| high | Server-side Request Forgery (SSRF) | SNYK-JS-NEXT-12299318 | 57 | Proof of Concept |
| high | Uncontrolled Recursion | SNYK-JS-NEXT-8186172 | 57 | No Known Exploit |
| high | Missing Authorization | SNYK-JS-NEXT-8520073 | 57 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JS-WS-7266574 | 57 | Proof of Concept |
| medium | Missing Release of Resource after Effective Lifetime | SNYK-JS-INFLIGHT-6095116 | 57 | Proof of Concept |
| medium | Inefficient Regular Expression Complexity | SNYK-JS-MICROMATCH-6838728 | 57 | No Known Exploit |
| medium | Improper Input Validation | SNYK-JS-NANOID-8492085 | 57 | No Known Exploit |
| medium | Race Condition | SNYK-JS-NEXT-10176058 | 57 | Proof of Concept |
| medium | Use of Cache Containing Sensitive Information | SNYK-JS-NEXT-12301496 | 57 | No Known Exploit |
| medium | Resource Exhaustion | SNYK-JS-NEXT-6032387 | 57 | Proof of Concept |
| medium | Improper Input Validation | SNYK-JS-POSTCSS-5926692 | 57 | No Known Exploit |
| medium | Improper Input Validation | SNYK-JS-POSTCSS-5926692 | 57 | No Known Exploit |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 57 | Proof of Concept |
| low | Missing Source Correlation of Multiple Independent Data | SNYK-JS-NEXT-12265451 | 57 | No Known Exploit |
| critical | Improper Authorization | SNYK-JS-NEXT-9508709 | 57 | Mature |

Release notes
Package name: tailwindcss
  • 4.1.14 - 2025-10-01

    Fixed

    • Handle ' syntax in ClojureScript when extracting classes (#18888)
    • Handle @ variant inside @ custom-variant (#18885)
    • Merge suggestions when using @ utility (#18900)
    • Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
    • Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
    • Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
    • Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
    • Show Lightning CSS warnings (if any) when optimizing/minifying (#18918)
    • Use default export condition for @ tailwindcss/vite (#18948)
    • Re-throw errors from PostCSS nodes (#18373)
    • Detect classes in markdown inline directives (#18967)
    • Ensure files with only @ theme produce no output when built (#18979)
    • Support Maud templates when extracting classes (#18988)
    • Upgrade: Do not migrate variant = 'outline' during upgrades (#18922)
    • Upgrade: Show version mismatch (if any) when running upgrade tool (#19028)
    • Upgrade: Ensure first class inside className is migrated (#19031)
    • Upgrade: Migrate classes inside *ClassName and *Class attributes (#19031)
  • 4.1.13 - 2025-09-04

    Changed

    • Drop warning from browser build (#18731)
    • Drop exact duplicate declarations when emitting CSS (#18809)

    Fixed

    • Don't transition visibility when using transition (#18795)
    • Discard matched variants with unknown named values (#18799)
    • Discard matched variants with non-string values (#18799)
    • Show suggestions for known matchVariant values (#18798)
    • Replace deprecated clip with clip-path in sr-only (#18769)
    • Hide internal fields from completions in matchUtilities (#18820)
    • Ignore .vercel folders by default (can be overridden by @ source … rules) (#18855)
    • Consider variants starting with @- to be invalid (e.g. @-2xl:flex) (#18869)
    • Do not allow custom variants to start or end with a - or _ (#18867, #18872)
    • Upgrade: Migrate aria theme keys to @ custom-variant (#18815)
    • Upgrade: Migrate data theme keys to @ custom-variant (#18816)
    • Upgrade: Migrate supports theme keys to @ custom-variant (#18817)
  • 4.1.12 - 2025-08-14

    Fixed

    • Don't consider the global important state in @ apply (#18404)
    • Add missing suggestions for flex-<number> utilities (#18642)
    • Fix trailing ) from interfering with extraction in Clojure keywords (#18345)
    • Detect classes inside Elixir charlist, word list, and string sigils (#18432)
    • Track source locations through @ plugin and @ config (#18345)
    • Allow boolean values of process.env.DEBUG in @ tailwindcss/node (#18485)
    • Ignore consecutive semicolons in the CSS parser (#18532)
    • Center the dropdown icon added to an input with a paired datalist by default (#18511)
    • Extract candidates in Slang templates (#18565)
    • Improve error messages when encountering invalid functional utility names (#18568)
    • Discard CSS AST objects with false or undefined properties (#18571)
    • Allow users to disable URL rebasing in @ tailwindcss/postcss via transformAssetUrls: false (#18321)
    • Fix false-positive migrations in addEventListener and JavaScript variable names (#18718)
    • Fix Standalone CLI showing default Bun help when run via symlink on Windows (#18723)
    • Read from --border-color-* theme keys in divide-* utilities for backwards compatibility (#18704)
    • Don't scan .hdr and .exr files for classes by default (#18734)
  • 4.1.11 - 2025-06-26

    Fixed

    • Add heuristic to skip candidate migrations inside emit(…) (#18330)
    • Extract candidates with variants in Clojure/ClojureScript keywords (#18338)
    • Document --watch=always in the CLI's usage (#18337)
    • Add support for Vite 7 to @ tailwindcss/vite (#18384)
  • 4.1.10 - 2025-06-11

    Fixed

    • Fix incorrectly generated CSS when using percentages in arbitrary values with calc (e.g. w-[calc(100%-var(--offset))]) (#18289)
  • 4.1.9 - 2025-06-11

    Fixed

    • Correctly parse custom properties with strings containing semicolons (#18251)
    • Upgrade: Migrate arbitrary modifiers without percentage signs to bare values (e.g. /[0.16] → /16) (#18184)
    • Upgrade: Migrate CSS variable shorthands where fallback value contains function call (#18184)
    • Upgrade: Migrate negative arbitrary values to negative bare values (e.g. mb-[-32rem] → -mb-128) (#18212)
    • Upgrade: Do not migrate blur in wire:model.blur (#18216)
    • Don't add spaces around CSS dashed idents when formatting math expressions (#18220)
  • 4.1.8 - 2025-05-28

    Added

    • Improve error messages when @ apply fails (#18059)

    Fixed

    • Upgrade: Do not migrate declarations that look like candidates in <style> blocks (#18057, 18068)
    • Upgrade: Don't error when looking for tailwindcss in pnpm monorepos (#18065)
    • Upgrade: Don't error when updating dependencies in pnpm monorepos (#18065)
    • Upgrade: Migrate deprecated order-none to order-0 (#18126)
    • Support Leptos class: attributes when extracting classes (#18093)
    • Fix "Cannot read properties of undefined" crash on malformed arbitrary value (#18133)
    • Upgrade: Migrate -mt-[0px] to mt-[0px] instead of the other way around (#18154)
    • Fix Haml pre-processing crash when there is no \n at the end of the file (#18155)
    • Ignore .pnpm-store folders by default (can be overridden by @ source … rules) (#18163)
    • Fix PostCSS crash when calling toJSON() (#18083)
  • 4.1.7 - 2025-05-15
  • 4.1.6 - 2025-05-09
  • 4.1.5 - 2025-04-30
  • 4.1.4 - 2025-04-14
  • 4.1.3 - 2025-04-04
  • 4.1.2 - 2025-04-03
  • 4.1.1 - 2025-04-02
  • 4.1.0 - 2025-04-01
  • 4.0.17 - 2025-03-26
  • 4.0.16 - 2025-03-25
  • 4.0.15 - 2025-03-20
  • 4.0.14 - 2025-03-13
  • 4.0.13 - 2025-03-11
  • 4.0.12 - 2025-03-07
  • 4.0.11 - 2025-03-06
  • 4.0.10 - 2025-03-05
  • 4.0.9 - 2025-02-25
  • 4.0.8 - 2025-02-21
  • 4.0.7 - 2025-02-18
  • 4.0.6 - 2025-02-10
  • 4.0.5 - 2025-02-08
  • 4.0.4 - 2025-02-06
  • 4.0.3 - 2025-02-01
  • 4.0.2 - 2025-01-31
  • 4.0.1 - 2025-01-29
  • 4.0.0 - 2025-01-21
  • 4.0.0-beta.10 - 2025-01-21
  • 4.0.0-beta.9 - 2025-01-09
  • 4.0.0-beta.8 - 2024-12-17
  • 4.0.0-beta.7 - 2024-12-13
  • 4.0.0-beta.6 - 2024-12-06
  • 4.0.0-beta.5 - 2024-12-04
  • 4.0.0-beta.4 - 2024-11-29
  • 4.0.0-beta.3 - 2024-11-27
  • 4.0.0-beta.2 - 2024-11-22
  • 4.0.0-beta.1 - 2024-11-21
  • 4.0.0-alpha.36 - 2024-11-21
  • 4.0.0-alpha.35 - 2024-11-20
  • 4.0.0-alpha.34 - 2024-11-14
  • 4.0.0-alpha.33 - 2024-11-12
  • 4.0.0-alpha.32 - 2024-11-11
  • 4.0.0-alpha.31 - 2024-10-30
  • 4.0.0-alpha.30 - 2024-10-24
  • 4.0.0-alpha.29 - 2024-10-23
  • 4.0.0-alpha.28 - 2024-10-17
  • 4.0.0-alpha.27 - 2024-10-15
  • 4.0.0-alpha.26 - 2024-10-03
  • 4.0.0-alpha.25 - 2024-09-24
  • 4.0.0-alpha.24 - 2024-09-12
  • 4.0.0-alpha.23 - 2024-09-05
  • 4.0.0-alpha.22 - 2024-09-05
  • 4.0.0-alpha.21 - 2024-09-02
  • 4.0.0-alpha.20 - 2024-08-23
  • 4.0.0-alpha.19 - 2024-08-09
  • 4.0.0-alpha.18 - 2024-07-25
  • 4.0.0-alpha.17 - 2024-07-04
  • 4.0.0-alpha.16 - 2024-06-07
  • 4.0.0-alpha.15 - 2024-05-08
  • 4.0.0-alpha.14 - 2024-04-09
  • 4.0.0-alpha.13 - 2024-04-04
  • 4.0.0-alpha.12 - 2024-04-04
  • 4.0.0-alpha.11 - 2024-03-27
  • 4.0.0-alpha.10 - 2024-03-21
  • 4.0.0-alpha.9 - 2024-03-13
  • 4.0.0-alpha.8 - 2024-03-11
  • 4.0.0-alpha.7 - 2024-03-08
  • 4.0.0-alpha.6 - 2024-03-07
  • 4.0.0-alpha.5 - 2024-03-06
  • 4.0.0-alpha.4 - 2024-03-06
  • 4.0.0-alpha.3 - 2024-03-06
  • 4.0.0-alpha.2 - 2024-03-06
  • 4.0.0-alpha.1 - 2024-03-05
  • 3.4.18 - 2025-10-01

    Fixed

    • Improve support for raw supports-[…] queries in arbitrary values (#13605)
    • Fix require.cache error when loaded through a TypeScript file in Node 22.18+ (#18665)
    • Support import.meta.resolve(…) in configs for new enough Node.js versions (#18938)
    • Allow using newer versions of postcss-load-config for better ESM and TypeScript PostCSS config support with the CLI (#18938)
    • Remove irrelevant utility rules when matching important classes (#19030)
  • 3.4.17 - 2024-12-17
  • 3.4.16 - 2024-12-03
  • 3.4.15 - 2024-11-14
  • 3.4.14 - 2024-10-15
  • 3.4.13 - 2024-09-23
  • 3.4.12 - 2024-09-17
  • 3.4.11 - 2024-09-11
  • 3.4.10 - 2024-08-13
  • 3.4.9 - 2024-08-08
  • 3.4.8 - 2024-08-07
  • 3.4.7 - 2024-07-25
  • 3.4.6 - 2024-07-16
  • 3.4.5 - 2024-07-15
  • 3.4.4 - 2024-06-05
  • 3.4.3 - 2024-03-27
  • 3.4.2 - 2024-03-27
  • 3.4.1 - 2024-01-05
  • 3.4.0 - 2023-12-19
  • 3.3.7 - 2023-12-18
  • 3.3.6 - 2023-12-04
  • 3.3.5 - 2023-10-25
  • 3.3.4 - 2023-10-24
  • 3.3.3 - 2023-07-13
  • 3.3.2 - 2023-04-25
from tailwindcss GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

  • See this package in npm: tailwindcss
  • See this project in Snyk: https://app.snyk.io/org/nerds-github/project/d4657084-9e05-4c20-b3a3-bb8f25b2b8bc?utm_source=github&utm_medium=referral&page=upgrade-pr