Bump the npm-production group with 2 updates

[dependabot]

Bumps the npm-production group with 2 updates: pnpm and tailwindcss.

Updates pnpm from 10.6.1 to 10.6.2

Release notes

Sourced from pnpm's releases.

pnpm 10.6.2

Patch Changes

• pnpm self-update should always update the version in the packageManager field of package.json.
• Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #8971.
• pnpm patch-commit will now use the same filesystem as the store directory to compare and create patch files.
• Don't show info output when --loglevel=error is used.
• peerDependencyRules should be set in pnpm-workspace.yaml to take effect.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.6.2

Patch Changes

• pnpm self-update should always update the version in the packageManager field of package.json.
• Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #8971.
• pnpm patch-commit will now use the same filesystem as the store directory to compare and create patch files.
• Don't show info output when --loglevel=error is used.
• peerDependencyRules should be set in pnpm-workspace.yaml to take effect.

Commits

• 65da4d9 chore(release): 10.6.2
• 81a90da docs: update sponsor logo
• 0900928 fix: pnpm-workspace.yaml config peerDependencyRules does not work (#9245)
• 11104c8 fix: self-update should not ignore the local package.json file
• See full diff in compare view

Updates tailwindcss from 4.0.9 to 4.0.12

Release notes

Sourced from tailwindcss's releases.

v4.0.12

Fixed

• Vite: Fix url(…) rebasing in transitively imported CSS files (#16965)
• PostCSS: Rebase url(…)s in imported CSS files (#16965)
• Ensure utilities are sorted based on their actual property order (#16995)
• Ensure strings in Pug and Slim templates are handled correctly (#17000)
• Ensure classes between } and { are properly extracted (#17001)
• Fix razor/cshtml pre-processing (#17027)
• Ensure extracting candidates from JS embedded in a PHP string works as expected (#17031)

v4.0.11

Fixed

• Ensure classes containing -- are extracted correctly (#16972)
• Ensure classes containing numbers followed by dash or underscore are extracted correctly (#16980)
• Ensure arbitrary container queries are extracted correctly (#16984)
• Ensure classes ending in [ are extracted in Slim templating language (#16985)
• Ensure arbitrary variables with data types are extracted correctly (#16986)

v4.0.10

Added

• Add col-<number> and row-<number> utilities for grid-column and grid-row (#15183)

Fixed

• Ensure not-* does not remove :is(…) from variants (#16825)
• Ensure @keyframes are correctly emitted when using a prefix (#16850)
• Don't swallow @utility declarations when @apply is used in nested rules (#16940)
• Ensure outline-hidden behaves like outline-none outside of forced colors mode (#16943)
• Allow !important on CSS variables again (#16873)
• Vite: Do not crash when encountering an .svg file with # or ? in the filename (#16957)
• Ensure utilities are properly detected within square brackets (#16306)
• Ensure utilities are properly detected using Angular's conditional class binding syntax (#16306)
• Ensure utilities starting with numbers are properly extracted from Slim templates (#16306)
• Discard arbitrary property candidates that have guaranteed-invalid property names (#16306)

Changed

• Removed max-w-auto and max-h-auto utilities as they generate invalid CSS (#16917)
• Replaced the existing candidate extractor with a brand new extractor to improve maintainability, correctness, and performance (#16306)

Changelog

Sourced from tailwindcss's changelog.

[4.0.12] - 2025-03-07

Fixed

• Vite: Fix url(…) rebasing in transitively imported CSS files (#16965)
• PostCSS: Rebase url(…)s in imported CSS files (#16965)
• Ensure utilities are sorted based on their actual property order (#16995)
• Ensure strings in Pug and Slim templates are handled correctly (#17000)
• Ensure classes between } and { are properly extracted (#17001)
• Fix razor/cshtml pre-processing (#17027)
• Ensure extracting candidates from JS embedded in a PHP string works as expected (#17031)

[4.0.11] - 2025-03-06

Fixed

• Ensure classes containing -- are extracted correctly (#16972)
• Ensure classes containing numbers followed by dash or underscore are extracted correctly (#16980)
• Ensure arbitrary container queries are extracted correctly (#16984)
• Ensure classes ending in [ are extracted in Slim templating language (#16985)
• Ensure arbitrary variables with data types are extracted correctly (#16986)

[4.0.10] - 2025-03-05

Added

• Add col-<number> and row-<number> utilities for grid-column and grid-row (#15183)

Fixed

• Ensure not-* does not remove :is(…) from variants (#16825)
• Ensure @keyframes are correctly emitted when using a prefix (#16850)
• Don't swallow @utility declarations when @apply is used in nested rules (#16940)
• Ensure outline-hidden behaves like outline-none outside of forced colors mode (#16943)
• Allow !important on CSS variables again (#16873)
• Vite: Do not crash when encountering an .svg file with # or ? in the filename (#16957)
• Ensure utilities are properly detected within square brackets (#16306)
• Ensure utilities are properly detected using Angular's conditional class binding syntax (#16306)
• Ensure utilities starting with numbers are properly extracted from Slim templates (#16306)
• Discard arbitrary property candidates that have guaranteed-invalid property names (#16306)

Changed

• Removed max-w-auto and max-h-auto utilities as they generate invalid CSS (#16917)
• Replaced the existing candidate extractor with a brand new extractor to improve maintainability, correctness, and performance (#16306)

Commits

• 2f28e5f Prepare v4.0.12 release (#17033)
• 3d0606b Fix sorting of classes that have undefined declarations (#16995)
• b676da8 Prepare v4.0.11 release (#16987)
• 1638b16 Prepare v4.0.10 release (#16963)
• 1c2ad57 Add pointer-* variants (#16946)
• 2eecb4d Remove max-w-auto and max-h-auto (#16917)
• 57b080c Allow !important on CSS variables (#16873)
• db40530 Don't swallow @utility declarations when @apply is used in nested rules (...
• b0aa20c Ensure outline-hidden behaves like outline-none in non-forced-colors mo...
• 595b88f Support bare col-* and row-* utilities (#15183)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/pnpm	10.6.2	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 116 existing vulnerabilities detected
npm/tailwindcss	4.0.12	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/pnpm	^10.6.2	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 116 existing vulnerabilities detected
npm/tailwindcss	^4.0.12	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/pnpm	10.6.2	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 116 existing vulnerabilities detected
npm/tailwindcss	4.0.12	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json
• pnpm-lock.yaml