chore(deps): update npm packages

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@tailwindcss/vite (source)	4.3.0 → 4.3.1
lucide-react (source)	1.17.0 → 1.21.0
playwright (source)	1.60.0 → 1.61.0
react-router-dom (source)	7.17.0 → 7.18.0
tailwindcss (source)	4.3.0 → 4.3.1

---

Release Notes

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.1

Compare Source

Added

• Add --silent option to suppress output in @tailwindcss/cli (#​20100)

Fixed

• Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#​20028)
• Canonicalization: don't crash when plugin utilities throw for unsupported values (#​20052)
• Allow @apply to be used with CSS mixins (#​19427)
• Ensure not-* correctly negates @container queries, including style(…) queries (#​20059)
• Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#​20080)
• Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#​20103)
• Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#​20027)
• Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#​20127)
• Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#​20130)
• Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#​20137)
• Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#​20139)
• Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#​20198)
• Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#​19588)
• Allow @variant to be used inside addBase (#​19480)
• Ensure @source globs with symlinks are preserved (#​20203)
• Ensure later @source rules can re-include files excluded by earlier @source not rules (#​20203)
• Upgrade: don't migrate empty class rules to invalid @utility rules (#​20205)
• Ensure transitions between inset-shadow-none and other inset shadows work correctly (#​20208)
• Ensure explicitly referenced @source directories are scanned even when ignored by git (#​20214)
• Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#​20217)
• Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#​20221)
• Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#​20228)

Changed

• Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#​20196)
• Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#​20196)

lucide-icons/lucide (lucide-react)

v1.21.0: Version 1.21.0

Compare Source

What's Changed

• ci(release.yml): Remove new-version in release flow by @​ericfennis in #​4478
• ci(release.yml): Fix workflow and remove version scripts in package scripts by @​ericfennis in #​4479
• fix(docs): rename navigation category label by @​Hsiii in #​4483
• feat(icons): added broken-bone icon by @​Patolord in #​4131

New Contributors

• @​Hsiii made their first contribution in #​4483
• @​Patolord made their first contribution in #​4131

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

v1.20.0: Version 1.20.0

Compare Source

What's Changed

• fix(icons): decreased size of arrows inside square-arrow-* icons by @​jguddas in #​3926
• chore(tags): Add tags to search- icons by @​jamiemlaw in #​4099
• feat(icons): added save-check icon by @​Konixy in #​3120
• feat(icons): added tag-plus and tag-x icons by @​adam-kov in #​3980
• feat(icons): added banknote-check icon by @​mfjramirezf in #​3956
• feat(icons): added clock-arrow-in icon by @​jguddas in #​2403
• feat(icons): added summary icon by @​jpjacobpadilla in #​3114
• feat(icons): added user-round-arrow-in icon by @​jguddas in #​2283
• feat(icons): added clock-arrow-out icon by @​jguddas in #​2404
• docs(docs): fix broken Svelte package source link in README by @​SRKrukowski in #​4468
• chore(deps-dev): bump @​angular/compiler from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4474
• chore(deps-dev): bump @​angular/core from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4470
• chore(deps-dev): bump vitest from 4.0.12 to 4.1.0 by @​dependabot[bot] in #​4429
• chore(deps-dev): bump markdown-it from 14.1.1 to 14.2.0 by @​dependabot[bot] in #​4475
• chore(deps-dev): bump @​angular/common from 21.2.5 to 21.2.17 by @​dependabot[bot] in #​4471
• feat(icons): added pencil-sparkles icon by @​jennieboops in #​4445

New Contributors

• @​Konixy made their first contribution in #​3120
• @​adam-kov made their first contribution in #​3980
• @​mfjramirezf made their first contribution in #​3956
• @​SRKrukowski made their first contribution in #​4468
• @​jennieboops made their first contribution in #​4445

Full Changelog: lucide-icons/lucide@1.19.0...1.20.0

v1.19.0: Version 1.19.0

Compare Source

What's Changed

• chore(deps): upgrade pnpm to version 11.6.0 by @​ericfennis in #​4458
• feat(icons): added star-* icons by @​RajnishKMehta in #​3918
• chore(suggest-tags): Update metadata suggestion script by @​ericfennis in #​4462
• feat(icons): added save-pen icon by @​vaporvee in #​4179
• feat(icons): added wrench-off icon by @​nilsjonsson in #​4434
• feat(icons): added ad icon by @​jamiemlaw in #​4323
• feat(icons): added eye-dashed icon by @​karsa-mistmere in #​4415
• feat(icons): added save-plus icon by @​jwlinqx in #​4448
• feat(icons): added list-sort-descending icon by @​ericfennis in #​4457
• fix(lucide-react-native): Fix provider exports by @​ericfennis in #​4463
• fix(site): reserve space for icon detail drawer by @​vyctorbrzezowski in #​4344
• fix(icons): changed wallet-cards icon by @​jguddas in #​3888
• feat(site): Improve search and add sorting options by @​ericfennis in #​4453
• feat(icons): added podium icon by @​jguddas in #​2124

New Contributors

• @​vaporvee made their first contribution in #​4179
• @​nilsjonsson made their first contribution in #​4434
• @​jwlinqx made their first contribution in #​4448
• @​vyctorbrzezowski made their first contribution in #​4344

Full Changelog: lucide-icons/lucide@1.18.0...1.19.0

v1.18.0: Version 1.18.0

Compare Source

What's Changed

• chore(site): Remove survey from site by @​ericfennis in #​4417
• feat(icons): added play-off icon by @​Ahmed-Dghaies in #​4412
• fix(metadata): add missing use-cases prop on play-off.json by @​karsa-mistmere in #​4423
• fix(docs): force hide #bb-banner, if html.has-bb-banner is missing by @​karsa-mistmere in #​4422
• fix(docs): Remove @next from installation instructions for@lucide/svelte by @​alecglassford in #​4432
• feat(packages/angular): add support for Angular v22 and onwards by @​karsa-mistmere in #​4450
• fix(ci): add check to skip release if latest tag was created today by @​ericfennis in #​4085
• feat(icons): added webcam-off icon by @​jordan-burnett in #​4242

New Contributors

• @​alecglassford made their first contribution in #​4432
• @​jordan-burnett made their first contribution in #​4242

Full Changelog: lucide-icons/lucide@1.17.0...1.18.0

microsoft/playwright (playwright)

v1.61.0

Compare Source

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

const context = await browser.newContext();

// Seed a passkey your backend provisioned for a test user.
await context.credentials.create('example.com', {
  id: credentialId,
  userHandle,
  privateKey,
  publicKey,
});
await context.credentials.install();

const page = await context.newPage();
await page.goto('https://example.com/login');
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

await page.localStorage.setItem('token', 'abc');
const token = await page.localStorage.getItem('token');
const items = await page.sessionStorage.items();

New APIs

Network

• apiResponse.securityDetails() and apiResponse.serverAddr() mirror the browser-side response.securityDetails() and response.serverAddr().

Browser and Screencast

• New option artifactsDir in browserType.connectOverCDP() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option cursor in screencast.showActions() controls the cursor decoration rendered for pointer actions.
• The onFrame callback in screencast.start() now receives a timestamp of when the frame was presented by the browser.

Test runner

• The testOptions.video option now supports the same set of modes as trace: new 'on-all-retries', 'retain-on-first-failure' and 'retain-on-failure-and-retries' values. See the video modes table for which runs are recorded and kept in each mode.
• Supported expect.soft.poll(...).
• New fullConfig.argv — a snapshot of process.argv from the runner process, handy for reading custom arguments passed after the -- separator.
• New fullConfig.failOnFlakyTests mirrors the config option, so reporters can explain why a flaky run failed.
• testInfo.errors now lists each sub-error of an AggregateError as a separate entry.
• New -G command line shorthand for --grep-invert.

🛠️ Other improvements

• Playwright now supports Ubuntu 26.04.
• HAR and trace recordings now include WebSocket requests.

Browser Versions

• Chromium 149.0.7827.55
• Mozilla Firefox 151.0
• WebKit 26.5

This version was also tested against the following stable channels:

• Google Chrome 149
• Microsoft Edge 149

remix-run/react-router (react-router-dom)

v7.18.0

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.18.0

---

Configuration

📅 Schedule: (in timezone Asia/Shanghai)

• Branch creation
  • "before 10am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	playwright@​1.60.0 ⏵ 1.61.0
	tailwindcss@​4.3.0 ⏵ 4.3.1	+1		+1

View full report