build(deps-dev): bump the dev-dependencies group with 5 updates by dependabot[bot] · Pull Request #1464 · carrtech-dev/ct-ops

dependabot · 2026-05-18T08:04:37Z

Bumps the dev-dependencies group with 5 updates:

Package	From	To
turbo	`2.9.12`	`2.9.14`
@playwright/test	`1.59.1`	`1.60.0`
@tailwindcss/postcss	`4.2.4`	`4.3.0`
@types/node	`20.19.39`	`20.19.41`
tailwindcss	`4.2.4`	`4.3.0`

Updates turbo from 2.9.12 to 2.9.14

Release notes

Sourced from turbo's releases.

Turborepo v2.9.14

[!NOTE] This release contains important security fixes.

High:

GHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection

Low:

GHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation

GHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection

What's Changed

Changelog

release(turborepo): 2.9.12 by @github-actions[bot] in vercel/turborepo#12774

fix: Restore docs mobile menu by @anthonyshew in vercel/turborepo#12782

ci: Use pull_request for PR title linting by @anthonyshew in vercel/turborepo#12787

ci: Scope GitHub Actions caches by branch by @anthonyshew in vercel/turborepo#12788

test: Validate lockfiles without dependency downloads by @anthonyshew in vercel/turborepo#12789

Removed unneeded import form hash creation script in docs by @dancrumb in vercel/turborepo#12799

fix: Validate auth callback state by @anthonyshew in vercel/turborepo#12802

fix: Harden VS Code extension command execution by @anthonyshew in vercel/turborepo#12800

fix: Avoid project-local Yarn during detection by @anthonyshew in vercel/turborepo#12801

chore: Release 2.9.13 by @anthonyshew in vercel/turborepo#12803

New Contributors

@dancrumb made their first contribution in vercel/turborepo#12799

Full Changelog: vercel/turborepo@v2.9.12...v2.9.14

Turborepo v2.9.13-canary.1

What's Changed

Changelog

release(turborepo): 2.9.11-canary.7 by @github-actions[bot] in vercel/turborepo#12768

fix: Allow $TURBO_EXTENDS$ in LSP diagnostics by @anthonyshew in vercel/turborepo#12770

release(turborepo): 2.9.11 by @github-actions[bot] in vercel/turborepo#12771

fix: Allow transit nodes in LSP diagnostics by @anthonyshew in vercel/turborepo#12773

release(turborepo): 2.9.12 by @github-actions[bot] in vercel/turborepo#12774

fix: Restore docs mobile menu by @anthonyshew in vercel/turborepo#12782

ci: Use pull_request for PR title linting by @anthonyshew in vercel/turborepo#12787

ci: Scope GitHub Actions caches by branch by @anthonyshew in vercel/turborepo#12788

test: Validate lockfiles without dependency downloads by @anthonyshew in vercel/turborepo#12789

Removed unneeded import form hash creation script in docs by @dancrumb in vercel/turborepo#12799

fix: Validate auth callback state by @anthonyshew in vercel/turborepo#12802

fix: Harden VS Code extension command execution by @anthonyshew in vercel/turborepo#12800

fix: Avoid project-local Yarn during detection by @anthonyshew in vercel/turborepo#12801

... (truncated)

Commits

fc62fe0 publish 2.9.14 to registry
fb8c9ae chore: Release 2.9.13 (#12803)
e8e629d fix: Avoid project-local Yarn during detection (#12801)
91c90cb fix: Harden VS Code extension command execution (#12800)
84f4508 fix: Validate auth callback state (#12802)
1779ad7 Removed unneeded import form hash creation script in docs (#12799)
71f8c90 test: Validate lockfiles without dependency downloads (#12789)
5fcb960 ci: Scope GitHub Actions caches by branch (#12788)
4cf9fab ci: Use pull_request for PR title linting (#12787)
859c629 fix: Restore docs mobile menu (#12782)
Additional commits viewable in compare view

Updates @playwright/test from 1.59.1 to 1.60.0

Release notes

Sourced from @playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:
await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.
🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:
await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});
🎯 Aria snapshots

expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').

New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:
test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});
New APIs

Browser, Context and Page

... (truncated)

Commits

87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
f869f96 chore: bump version to v1.60.0 (#40714)
7eb6918 cherry-pick(#40710): docs: release notes v1.60
118d2aa cherry-pick(#40693): chore(python): formdata path type
54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
bb6c009 chore(extension): mark 0.2.1 (#40679)
Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.2.4 to 4.3.0

Release notes

Sourced from @tailwindcss/postcss's releases.

v4.3.0

Added

Add @container-size utility (#18901)

Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)

Add scrollbar-gutter-* utilities (#20018)

Add zoom-* utilities (#20020)

Add tab-* utilities (#20022)

Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)

Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)

Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)

Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)

Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)

Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)

Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)

Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)

Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)

Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)

Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)

Allow multiple @utility definitions with the same name but different value types (#19777)

Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)

Ensure start and end legacy utilities without values do not generate CSS (#20003)

Ensure --value(…) is required in functional @utility definitions (#20005)

Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from @tailwindcss/postcss's changelog.

[4.3.0] - 2026-05-08

Added

Add @container-size utility (#18901)

Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)

Add scrollbar-gutter-* utilities (#20018)

Add zoom-* utilities (#20020)

Add tab-* utilities (#20022)

Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)

Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)

Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)

Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)

Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)

Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)

Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)

Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)

Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)

Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)

Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)

Allow multiple @utility definitions with the same name but different value types (#19777)

Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)

Ensure start and end legacy utilities without values do not generate CSS (#20003)

Ensure --value(…) is required in functional @utility definitions (#20005)

Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

588bd73 4.3.0 (#20023)
12eb5ae Cleanup noisy test output (#20015)
4255671 Improve snapshot tests (#20013)
52f94c7 Improve codebase quality (#19999)
d194d4c docs: fix various typos in comments and documentation (#19878)
bfb5732 Fall back to the plugin base when PostCSS has no from option (#19980)
3a890c3 Bump dependencies (#19957)
See full diff in compare view

Updates @types/node from 20.19.39 to 20.19.41

Commits

See full diff in compare view

Updates tailwindcss from 4.2.4 to 4.3.0

Release notes

Sourced from tailwindcss's releases.

v4.3.0

Added

Add @container-size utility (#18901)

Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)

Add scrollbar-gutter-* utilities (#20018)

Add zoom-* utilities (#20020)

Add tab-* utilities (#20022)

Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)

Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)

Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)

Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)

Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)

Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)

Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)

Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)

Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)

Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)

Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)

Allow multiple @utility definitions with the same name but different value types (#19777)

Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)

Ensure start and end legacy utilities without values do not generate CSS (#20003)

Ensure --value(…) is required in functional @utility definitions (#20005)

Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Changelog

Sourced from tailwindcss's changelog.

[4.3.0] - 2026-05-08

Added

Add @container-size utility (#18901)

Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)

Add scrollbar-gutter-* utilities (#20018)

Add zoom-* utilities (#20020)

Add tab-* utilities (#20022)

Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)

Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)

Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)

Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)

Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)

Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)

Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)

Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)

Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)

Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)

Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)

Allow multiple @utility definitions with the same name but different value types (#19777)

Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)

Ensure start and end legacy utilities without values do not generate CSS (#20003)

Ensure --value(…) is required in functional @utility definitions (#20005)

Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

Commits

588bd73 4.3.0 (#20023)
59936c6 Add tab-* utilities (#20022)
90a2373 add zoom-* utilities (#20020)
2e1ccf7 Add scrollbar-gutter-* utilities (#20018)
754e751 Use non-existing example in tests (#20021)
12eb5ae Cleanup noisy test output (#20015)
4255671 Improve snapshot tests (#20013)
8c77989 Ensure math operators are surrounded by whitespace in arbitrary values (#20011)
b4db3b9 Add scrollbar-width and scrollbar-color utilities (#19981)
08cad84 Support --default(…) in --value(…) and --modifier(…) to support fallbac...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group with 5 updates: | Package | From | To | | --- | --- | --- | | [turbo](https://github.com/vercel/turborepo) | `2.9.12` | `2.9.14` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.59.1` | `1.60.0` | | [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.2.4` | `4.3.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.39` | `20.19.41` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.4` | `4.3.0` | Updates `turbo` from 2.9.12 to 2.9.14 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.12...v2.9.14) Updates `@playwright/test` from 1.59.1 to 1.60.0 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.59.1...v1.60.0) Updates `@tailwindcss/postcss` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-postcss) Updates `@types/node` from 20.19.39 to 20.19.41 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `tailwindcss` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.9.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@playwright/test" dependency-version: 1.60.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@tailwindcss/postcss" dependency-version: 4.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@types/node" dependency-version: 20.19.41 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: tailwindcss dependency-version: 4.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-18T08:04:39Z

Labels

The following labels could not be found: area:npm, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps-dev): bump the dev-dependencies group with 5 updates#1464

build(deps-dev): bump the dev-dependencies group with 5 updates#1464
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-d954b88b01

dependabot Bot commented on behalf of github May 18, 2026

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 18, 2026

Turborepo v2.9.14

High:

Low:

What's Changed

Changelog

New Contributors

Turborepo v2.9.13-canary.1

What's Changed

Changelog

v1.60.0

🌐 HAR recording on Tracing

🪝 Drop API

🎯 Aria snapshots

🛑 test.abort()

New APIs

Browser, Context and Page

v4.3.0

Added

Fixed

[4.3.0] - 2026-05-08

Added

Fixed

v4.3.0

Added

Fixed

[4.3.0] - 2026-05-08

Added

Fixed

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants