chore(deps): update tailwindcss monorepo to v4.1.4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@tailwindcss/postcss (source)	4.0.17 -> 4.1.4
tailwindcss (source)	4.0.17 -> 4.1.4

---

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/postcss)

v4.1.4

Compare Source

Added

• Add experimental @tailwindcss/oxide-wasm32-wasi target for running Tailwind in browser environments like StackBlitz (#​17558)

Fixed

• Ensure color-mix(…) polyfills do not cause used CSS variables to be removed (#​17555)
• Ensure color-mix(…) polyfills create fallbacks for theme variables that reference other theme variables (#​17562)
• Fix brace expansion in declining ranges like {10..0..5} and {0..10..-5} (#​17591)
• Work around a Chrome rendering bug when using the skew-* utilities (#​17627)
• Ensure container query variant names can contain hyphens (#​17628)
• Ensure shadow-inherit, inset-shadow-inherit, drop-shadow-inherit, and text-shadow-inherit inherit the shadow color (#​17647)
• Ensure compatibility with array tuples used in fontSize JS theme keys (#​17630)
• Ensure folders with binary file extensions in their names are scanned for utilities (#​17595)
• Upgrade: Convert fontSize array tuple syntax to CSS theme variables (#​17630)

v4.1.3

Compare Source

Fixed

• Show warning when using unsupported bare value data type in --value(…) (#​17464)
• PostCSS: Ensure changes to the input CSS file don't generate stale output when using Turbopack (#​17554)
• Ensure classes are detected in Ruby's %w syntax in Slim templates (#​17557)

v4.1.2

Compare Source

Fixed

• Don't rely on the presence of @layer base to polyfill @property (#​17506)
• Support setting multiple inset shadows as arbitrary values (#​17523)
• Fix drop-shadow-* utilities that are defined with multiple shadows (#​17515)
• PostCSS: Fix race condition when two changes are queued concurrently (#​17514)
• PostCSS: Ensure files containing @tailwind utilities are processed (#​17514)
• Ensure the color-mix(…) polyfill creates fallbacks even when using colors that cannot be statically analyzed (#​17513)
• Fix slow incremental builds with @tailwindcss/vite and @tailwindcss/postscss (especially on Windows) (#​17511)
• Vite: Fix missing CSS file in Qwik setups (#​17533)

v4.1.1

Compare Source

Fixed

• Disable padding in @source inline(…) brace expansion (#​17491)
• Inject polyfills after @import and body-less @layer (#​17493)
• Ensure @tailwindcss/cli does not contain an import for jiti (#​17502)

v4.1.0

Compare Source

Added

• Add details-content variant (#​15319)
• Add inverted-colors variant (#​11693)
• Add noscript variant (#​11929, #​17431)
• Add items-baseline-last and self-baseline-last utilities (#​13888, #​17476)
• Add pointer-none, pointer-coarse, and pointer-fine variants (#​16946)
• Add any-pointer-none, any-pointer-coarse, and any-pointer-fine variants (#​16941)
• Add safe alignment utilities (#​14607)
• Add user-valid and user-invalid variants (#​12370)
• Add wrap-anywhere, wrap-break-word, and wrap-normal utilities (#​12128)
• Add @source inline(…) and @source not inline(…) (#​17147)
• Add @source not "…" (#​17255)
• Add text-shadow-* utilities (#​17389)
• Add mask-* utilities (#​17134)
• Add bg-{position,size}-* utilities for arbitrary values (#​17432)
• Add shadow-*/<alpha>, inset-shadow-*/<alpha>, drop-shadow-*/<alpha>, and text-shadow-*/<alpha> utilities to control shadow opacity (#​17398, #​17434)
• Add drop-shadow-<color> utilities (#​17434)
• Improve compatibility with older versions of Safari and Firefox (#​17435)

Fixed

• Follow symlinks when resolving @source directives (#​17391)
• Don't scan ignored files for classes when changing an ignored file triggers a rebuild using @tailwindcss/cli (#​17255)
• Support negated content rules in legacy JavaScript configuration (#​17255)
• Interpret syntax like @("@​")md:… as @md:… in Razor files (#​17427)
• Disallow top-level braces, top-level semicolons, and unbalanced parentheses and brackets in arbitrary values (#​17361)
• Ensure the --theme(…) function still resolves to the CSS variables when using legacy JS plugins (#​17458)
• Detect used theme variables in CSS module files (#​17433, #​17467)

Changed

• Ignore node_modules by default (can be overridden by @source … rules) (#​17255)
• @source rules that include file extensions or point inside node_modules/ folders no longer consider your .gitignore rules (#​17255)
• Deprecate bg-{left,right}-{top,bottom} in favor of bg-{top,bottom}-{left,right} utilities (#​17378)
• Deprecate object-{left,right}-{top,bottom} in favor of object-{top,bottom}-{left,right} utilities (#​17437)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Report too large to display inline

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Obfuscated code	npm/@polkadot/[email protected]	Confidence: 0.91 Location: Package overview	web-app/yarn.lock	⚠︎

View full report↗︎

Next steps

What is obfuscated code?

Obfuscated files are intentionally packed to hide their behavior. This could be a sign of malware.

Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@polkadot/[email protected]

[netlify]

✅ Deploy Preview for subspacefaucet ready!

Name	Link
🔨 Latest commit	d47e74f
🔍 Latest deploy log	https://app.netlify.com/sites/subspacefaucet/deploys/67f6413afd2b4d0008130035
😎 Deploy Preview	https://deploy-preview-112--subspacefaucet.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.