Update all non-major dependencies (master) #828

Open
renovate[bot] wants to merge 1 commit into master from renovate/master-all-minor-patch

@renovate renovate Bot commented Jul 4, 2026

Contributor

This PR contains the following updates:

| Package | Change |
|---|---|
| @tailwindcss/vite (source) | 4.3.1 → 4.3.2 |
| @tanstack/react-query (source) | 5.101.1 → 5.101.2 |
| @tanstack/react-query-devtools (source) | 5.101.1 → 5.101.2 |
| @tanstack/react-virtual (source) | 3.14.4 → 3.14.5 |
| i18next (source) | 26.3.3 → 26.3.4 |
| prettier (source) | 3.9.1 → 3.9.4 |
| tailwindcss (source) | 4.3.1 → 4.3.2 |
| vite (source) | 8.1.0 → 8.1.2 |

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.2

Compare Source

Fixed
  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#​20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#​20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#​20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#​20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#​20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#​20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#​20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#​20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#​20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#​20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#​20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#​20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#​20289)

TanStack/query (@tanstack/react-query)

v5.101.2

Compare Source

Patch Changes

TanStack/query (@tanstack/react-query-devtools)

v5.101.2

Compare Source

Patch Changes

TanStack/virtual (@tanstack/react-virtual)

v3.14.5

Compare Source

Patch Changes

i18next/i18next (i18next)

v26.3.4

Compare Source

  • fix(security): deepExtend (used by addResourceBundle(..., deep, overwrite)) no longer recurses into inherited properties. It checked key existence with the in operator, which walks the prototype chain, so a source key matching an inherited built-in (e.g. hasOwnProperty, toString) caused recursion into the shared Object.prototype function and, with overwrite: true, could overwrite e.g. Object.prototype.hasOwnProperty.call with a non-callable value — corrupting a shared built-in process-wide (DoS). Existence is now checked with Object.prototype.hasOwnProperty.call, so such keys are copied as plain own data instead. This complements the existing __proto__/constructor guard and is also strictly more correct for an own-property merge. Only affects applications that pass attacker-controlled data with deep: true and overwrite: true; no standard backend/integration does this. Distinct from CVE-2026-48713 / CVE-2026-48714 (different packages, setPath mechanism). See advisory GHSA-6jcc-5g8w-32mx, CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H). Thanks to zx (Jace) @​manus-use for the responsible disclosure.

prettier/prettier (prettier)

v3.9.4

Compare Source

v3.9.3

Compare Source

v3.9.2

Compare Source

vitejs/vite (vite)

v8.1.2

Compare Source

Bug Fixes

v8.1.1

Compare Source

Features
Bug Fixes
Miscellaneous Chores
Code Refactoring
  • css: remove lightningcss null byte bug workaround (#​22822) (2dafd3b)
  • use pre-defined environments variable to avoid duplicate Object.values calls (#​22790) (1113acf)
Tests
  • enable "manual chunk path" test and remove "worker.format error" test (#​22824) (c088511)

Configuration

📅 Schedule: (in timezone Europe/Zurich)

  • Branch creation
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 4, 2026
@renovate renovate Bot requested a review from ivy-lgi as a code owner July 4, 2026 00:56
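
The two existence checks contrasted in the i18next v26.3.4 note above, as an added example that is not part of this PR or of i18next's source. The merge is a simplified model of a deep own-property merge; `makeDeepExtend`, `runMerge` and the sample bundle are constructed for illustration.

```javascript
// Simplified model of a deep own-property merge (constructed; not i18next's source).
const isLeaf = (v) => typeof v === 'string' || v instanceof String;

// hasKey decides whether `prop` already exists on the merge target.
function makeDeepExtend(hasKey) {
  return function deepExtend(target, source, overwrite) {
    for (const prop in source) {
      if (prop === '__proto__' || prop === 'constructor') continue; // pre-existing guard
      if (hasKey(target, prop)) {
        if (isLeaf(target[prop]) || isLeaf(source[prop])) {
          if (overwrite) target[prop] = source[prop];
        } else {
          deepExtend(target[prop], source[prop], overwrite); // descend into target's value
        }
      } else {
        target[prop] = source[prop]; // new key: copy as plain data
      }
    }
    return target;
  };
}

// Before: `in` also matches keys inherited from Object.prototype.
const deepExtendIn = makeDeepExtend((obj, key) => key in obj);
// After: only own properties count as existing.
const deepExtendOwn = makeDeepExtend((obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key));

function runMerge(deepExtend) {
  const builtin = Object.prototype.hasOwnProperty;
  const target = { greeting: 'hello' };
  // Constructed bundle whose key collides with an inherited built-in.
  const source = JSON.parse('{"greeting":"hi","hasOwnProperty":{"call":"not callable"}}');
  try {
    deepExtend(target, source, true);
    return {
      builtinIntact: typeof builtin.call === 'function',
      copiedAsOwnData: Object.keys(target).includes('hasOwnProperty'),
      greeting: target.greeting,
    };
  } finally {
    delete builtin.call; // restore: remove any own `call` left on the shared function
  }
}

console.log('in check :', runMerge(deepExtendIn));
console.log('own check:', runMerge(deepExtendOwn));
```

With the `in` check the colliding key never lands on the target and the shared built-in is modified instead; with the own-property check it is stored as ordinary data on the target and the built-in is untouched.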