Bump postcss, gulp-postcss and tailwindcss

[dependabot]

Bumps postcss to 8.5.6 and updates ancestor dependencies postcss, gulp-postcss and tailwindcss. These dependencies need to be updated together.

Updates postcss from 6.0.23 to 8.5.6

Release notes

Sourced from postcss's releases.

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

... (truncated)

Commits

• 91d6eb5 Release 8.5.6 version
• 65ffc55 Update dependencies
• ecd20eb Fix ContainerWithChildren to allow discriminating the node type by comparing ...
• c181597 Release 8.5.5 version
• c5523fb Update dependencies
• 2e3450c refactor: import should be listed before require (#2052)
• 4d720bd Update EM text
• 6cb4a66 Release 8.5.4 version
• ec5c1e0 Update dependencies
• e85e938 Fix code format
• Additional commits viewable in compare view

Updates gulp-postcss from 8.0.0 to 10.0.0

Release notes

Sourced from gulp-postcss's releases.

10.0.0

Same changes as https://github.com/postcss/gulp-postcss/releases/tag/9.1.0, published with the major version bump because of a breaking change.

9.1.0 (deprecated)

Deprecated, republished as 10.0.0 to follow semver, because of the breaking change to drop support for node <18

• Bump postcss-load-config to ^5.0.0
• Ensure options are passed to plugins when using postcss.config.js #170
• Update deps
• Drop support for node <18
• Add flake.nix for local dev with nix develop

9.0.1

• Bump postcss-load-config to ^3.0.0

9.0.0

• Bump PostCSS to 8.0
• Drop Node 6 support
• PostCSS is now a peer dependency

Commits

• 46533ec Bump to 10.0.0
• 77ed79a Merge pull request #187 from postcss/update-deps
• 687f29f Bump to 9.1.0
• c21fca9 Merge pull request #170 from JohnAlbin/pass-options-to-plugins
• bd9d4c0 Merge pull request #186 from postcss/bump-postcss-load-config
• 0f15414 Bump postcss-load-config
• 83dcfcd Merge branch 'main' into pass-options-to-plugins
• 70dfabe Release 9.0.1
• 5d3bf7a Merge pull request #176 from postcss/switch-to-github-workflows
• 22e8c3a Switch to github workflow for testing
• Additional commits viewable in compare view

Updates tailwindcss from 1.1.4 to 4.1.17

Release notes

Sourced from tailwindcss's releases.

v4.1.17

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

v4.1.16

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

v4.1.15

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)

v4.1.14

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#18918)
• Use default export condition for @tailwindcss/vite (#18948)
• Re-throw errors from PostCSS nodes (#18373)
• Detect classes in markdown inline directives (#18967)
• Ensure files with only @theme produce no output when built (#18979)
• Support Maud templates when extracting classes (#18988)
• Upgrade: Do not migrate variant = 'outline' during upgrades (#18922)
• Upgrade: Show version mismatch (if any) when running upgrade tool (#19028)
• Upgrade: Ensure first class inside className is migrated (#19031)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#18918)
• Use default export condition for @tailwindcss/vite (#18948)
• Re-throw errors from PostCSS nodes (#18373)
• Detect classes in markdown inline directives (#18967)
• Ensure files with only @theme produce no output when built (#18979)

... (truncated)

Commits

• e9c9c4f Release v4.1.17 (#19272)
• dc6a3ce Substitute @variant inside utilities (#19263)
• e71e70e Update magic-string 0.30.19 → 0.30.21 (minor) (#19238)
• cbbbe84 Release 4.1.16 (#19185)
• 601d671 Fix incorrect colors used in pseudo-element (#19184)
• a41add9 Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants...
• 0113b88 Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• 29687e0 Discard candidates with an empty data type (#19172)
• 56e7f3b Improve memory usage during canonicalization (#19171)
• 3a4ab82 Stop suggesting legacy utilities (#19169)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[netlify]

❌ Deploy Preview for demo-neurodata failed.

Name	Link
🔨 Latest commit	0e3ff21
🔍 Latest deploy log	https://app.netlify.com/projects/demo-neurodata/deploys/692b36bb4b70d40008eaa197