deps: bump the production-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates in the / directory:

Package	From	To
dotenv	17.2.3	17.3.1
pino	10.3.0	10.3.1
openid-client	6.8.1	6.8.2
undici	7.20.0	7.22.0
@tailwindcss/cli	4.1.18	4.2.1
tailwindcss	4.1.18	4.2.1
oidc-provider	9.6.0	9.6.1

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates pino from 10.3.0 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in pinojs/pino#2385
• build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 by @​dependabot[bot] in pinojs/pino#2386
• docs: clarify transport level filtering behavior by @​mcollina in pinojs/pino#2390
• fix(transport): sanitize invalid NODE_OPTIONS preloads for workers by @​mcollina in pinojs/pino#2391

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

Commits

• 6b34498 Bumped v10.3.1
• f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
• 6a8e598 docs: clarify transport level filtering behavior (#2390)
• 49a4807 Merge branch 'main' of github.com:pinojs/pino
• 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
• e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
• 04859e2 chore: update gitignore for ai assistant files
• See full diff in compare view

Updates openid-client from 6.8.1 to 6.8.2

Release notes

Sourced from openid-client's releases.

v6.8.2

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Changelog

Sourced from openid-client's changelog.

6.8.2 (2026-02-07)

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Commits

• b14e51c chore(release): 6.8.2
• f6f84e2 fix: use duplex: half for fetchProtectedResource with ReadableStream body input
• f879890 chore: bump packages
• b506e1a build(deps): bump the actions group with 4 updates (#853)
• 0baa958 chore: bump packages
• c5d4931 chore: bump packages
• 7cf3c12 test: revert undici for the time being
• 8b2e360 chore: bump packages
• 79386b7 build(deps): bump lodash from 4.17.21 to 4.17.23 (#849)
• 950e199 build(deps-dev): bump tar from 7.5.3 to 7.5.6 (#848)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openid-client since your current version.

Updates undici from 7.20.0 to 7.22.0

Release notes

Sourced from undici's releases.

v7.22.0

What's Changed

• docs: fix syntax highlighting in WebSocket.md by @​styfle in nodejs/undici#4814
• fix: use OR operator in includesCredentials per WHATWG URL Standard by @​jackhax in nodejs/undici#4816
• feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @​SuperOleg39 in nodejs/undici#4676
• fix: route WebSocket upgrades through onRequestUpgrade by @​mcollina in nodejs/undici#4787
• build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @​dependabot[bot] in nodejs/undici#4821
• fix(deduplicate): do not deduplicate non-safe methods by default by @​mcollina in nodejs/undici#4818
• feat: Support async cache stores in revalidation by @​marcopiraccini in nodejs/undici#4826

New Contributors

• @​jackhax made their first contribution in nodejs/undici#4816
• @​marcopiraccini made their first contribution in nodejs/undici#4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

v7.21.0

What's Changed

• build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @​dependabot[bot] in nodejs/undici#4796
• test: restore global dispatcher after fetch tests by @​mcollina in nodejs/undici#4790
• Add missing close method to WebSocketStream interface by @​piotr-cz in nodejs/undici#4802
• fix: error stream instead of canceling by @​KhafraDev in nodejs/undici#4804
• Fix clientTtl cleanup race in Agent by @​mcollina in nodejs/undici#4807
• feat(#4230): Implement pingInterval for dispatching PING frames by @​metcoder95 in nodejs/undici#4296
• fix: handle undefined __filename in bundled environments by @​mcollina in nodejs/undici#4812
• fix: set finalizer only for fetch responses by @​tsctx in nodejs/undici#4803

New Contributors

• @​piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

Commits

• 0a23610 Bumped v7.22.0 (#4829)
• f3c5c61 feat: Support async cache stores in revalidation (#4826)
• 9b78a44 fix(deduplicate): avoid deduping methods not in methods option (#4818)
• 0ce57ba build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (#4821)
• 2453caf fix: route websocket upgrades through new handler API (#4787)
• 4658cdf feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk (#4676)
• a821c56 fix: use OR operator in includesCredentials per WHATWG URL Standard (#4816)
• b3326b5 docs: fix syntax highlighting in WebSocket.md (#4814)
• 393c0da Bumped v7.21.0 (#4813)
• 47f9b96 fix: set finalizer only for fetch responses (#4803)
• Additional commits viewable in compare view

Updates @tailwindcss/cli from 4.1.18 to 4.2.1

Release notes

Sourced from @​tailwindcss/cli's releases.

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
• Add .jj to default ignored content directories (#19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)

Changelog

Sourced from @​tailwindcss/cli's changelog.

[4.2.1] - 2026-02-23

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
• Add .jj to default ignored content directories (#19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)

Commits

• 1dce64e 4.2.1 (#19714)
• 1b16411 4.2.0 (#19695)
• d9c4cd8 Update enhanced-resolve 5.18.4 → 5.19.0 (minor) (#19658)
• d9fff9f docs: update package README CI badge to main (#19692)
• 8ed67bf Fix Tailwind CSS package README GitHub links (#19644)
• d6ad8dd Update enhanced-resolve 5.18.3 → 5.18.4 (patch) (#19462)
• 219e019 CLI: Emit comment when source maps are saved to files (#19447)
• See full diff in compare view

Updates tailwindcss from 4.1.18 to 4.2.1

Release notes

Sourced from tailwindcss's releases.

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
• Add .jj to default ignored content directories (#19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)

Changelog

Sourced from tailwindcss's changelog.

[4.2.1] - 2026-02-23

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
• Add .jj to default ignored content directories (#19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)

Commits

• 1dce64e 4.2.1 (#19714)
• d15d92c Allow trailing dash in functional utility names (#19696)
• 1b16411 4.2.0 (#19695)
• 6118f4f Fix/misc docs and tests (#19652)
• 5a4a7eb fix(canonicalize): prevent collapse cache pollution across calls (#19675)
• d0a5612 Add mauve, olive, mist, and taupe color palettes (#19627)
• d9fff9f docs: update package README CI badge to main (#19692)
• ed52d3e feat: handle backslash in @utility name (#19626)
• 6eb3b32 Allow multiples of .25 in aspect-* fractions (#19688)
• 8ed67bf Fix Tailwind CSS package README GitHub links (#19644)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tailwindcss since your current version.

Updates oidc-provider from 9.6.0 to 9.6.1

Release notes

Sourced from oidc-provider's releases.

v9.6.1

Refactor

• extract NON_REJECTABLE_CLAIMS into shared constant (2b7c025)
• extract shared grant handler helpers to reduce duplication (f5eee9e)
• extract shared token finder for introspection and revocation (666c2b0)

Fixes

• required PAR should not affect CIBA and DAG (8167bd0)

Changelog

Sourced from oidc-provider's changelog.

9.6.1 (2026-02-19)

Refactor

• extract NON_REJECTABLE_CLAIMS into shared constant (2b7c025)
• extract shared grant handler helpers to reduce duplication (f5eee9e)
• extract shared token finder for introspection and revocation (666c2b0)

Fixes

• required PAR should not affect CIBA and DAG (8167bd0)

Commits

• d329eba chore(release): 9.6.1
• 8167bd0 fix: required PAR should not affect CIBA and DAG
• 3aec506 chore: bump packages
• f5eee9e refactor: extract shared grant handler helpers to reduce duplication
• 666c2b0 refactor: extract shared token finder for introspection and revocation
• 2b7c025 refactor: extract NON_REJECTABLE_CLAIMS into shared constant
• 744311a chore(deps-dev): bump fastify from 5.7.1 to 5.7.3 (#1387)
• d60e256 chore(deps): bump the actions group with 3 updates (#1386)
• d7a7711 chore: disable faulty import/no-unresolved rule
• 2b8b94f chore: bump packages
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.