fix(deps): bump the styling group across 1 directory with 7 updates

[dependabot]

Bumps the styling group with 7 updates in the / directory:

Package	From	To
@radix-ui/react-avatar	1.1.10	1.1.11
@radix-ui/react-label	2.1.7	2.1.8
@radix-ui/react-progress	1.1.7	1.1.8
@radix-ui/react-separator	1.1.7	1.1.8
@radix-ui/react-slot	1.2.3	1.2.4
tailwind-merge	2.6.0	3.4.0
tailwindcss	4.1.12	4.1.17

Updates @radix-ui/react-avatar from 1.1.10 to 1.1.11

Commits

• See full diff in compare view

Updates @radix-ui/react-label from 2.1.7 to 2.1.8

Commits

• See full diff in compare view

Updates @radix-ui/react-progress from 1.1.7 to 1.1.8

Commits

• See full diff in compare view

Updates @radix-ui/react-separator from 1.1.7 to 1.1.8

Commits

• See full diff in compare view

Updates @radix-ui/react-slot from 1.2.3 to 1.2.4

Commits

• See full diff in compare view

Updates tailwind-merge from 2.6.0 to 3.4.0

Release notes

Sourced from tailwind-merge's releases.

v3.4.0

New Features

• Performance optimizations which make tailwind-merge >10% faster
  • Vibe optimization by @​quantizor in dcastil/tailwind-merge#547
  • Additional optimizations by @​quantizor in dcastil/tailwind-merge#619

Documentation

• Improve docs by clarifying things, adding more examples by @​dcastil in dcastil/tailwind-merge#618
• Make examples more realistic by @​dcastil in dcastil/tailwind-merge#617
• Add custom variant as an alternative to docs by @​kidonng in dcastil/tailwind-merge#592

Other

• Improve benchmarking suite by @​quantizor in dcastil/tailwind-merge#620

Full Changelog: dcastil/tailwind-merge@v3.3.1...v3.4.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov and a private sponsor for sponsoring tailwind-merge! ❤️

v3.3.1

Bug Fixes

• Fix arbitrary value using color-mix() not being detected as color by @​dcastil in dcastil/tailwind-merge#591

Full Changelog: dcastil/tailwind-merge@v3.3.0...v3.3.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, @​sourcegraph, a private sponsor, @​block and @​shawt3000 for sponsoring tailwind-merge! ❤️

v3.3.0

New Features

• Add support for tailwind CSS v4.1.5 by @​dcastil in dcastil/tailwind-merge#575

Full Changelog: dcastil/tailwind-merge@v3.2.0...v3.3.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, @​sourcegraph, a private sponsor and @​block for sponsoring tailwind-merge! ❤️

v3.2.0

New Features

• Add support for Tailwind CSS v4.1 by @​dcastil in dcastil/tailwind-merge#565

Full Changelog: dcastil/tailwind-merge@v3.1.0...v3.2.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​jamesreaco, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, @​sourcegraph and a private sponsor for sponsoring tailwind-merge! ❤️

v3.1.0

New Features

... (truncated)

Commits

• 3e1256a v3.4.0
• e15f392 add changelog for v3.4.0
• 75e9aef Merge pull request #619 from quantizor/further-improvements
• 1bafc9c Make benchmark test names consistent
• 0799c12 revert: remove array-based string building optimization
• 1927858 test: add ultra long class list benchmark
• 87baba3 Remove unnecessary pre-computed conflict maps
• 7831c8e perf: pre-compute conflict arrays at initialization
• 1a3d133 perf: replace localeCompare with direct string comparison
• 0270028 perf: use index-based recursion to avoid array allocations
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tailwind-merge since your current version.

Updates tailwindcss from 4.1.12 to 4.1.17

Release notes

Sourced from tailwindcss's releases.

v4.1.17

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

v4.1.16

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

v4.1.15

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)

v4.1.14

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#18918)
• Use default export condition for @tailwindcss/vite (#18948)
• Re-throw errors from PostCSS nodes (#18373)
• Detect classes in markdown inline directives (#18967)
• Ensure files with only @theme produce no output when built (#18979)
• Support Maud templates when extracting classes (#18988)
• Upgrade: Do not migrate variant = 'outline' during upgrades (#18922)
• Upgrade: Show version mismatch (if any) when running upgrade tool (#19028)
• Upgrade: Ensure first class inside className is migrated (#19031)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)
• Prevent duplicate CSS when overwriting a static utility with a theme key (#18056)
• Show Lightning CSS warnings (if any) when optimizing/minifying (#18918)
• Use default export condition for @tailwindcss/vite (#18948)
• Re-throw errors from PostCSS nodes (#18373)
• Detect classes in markdown inline directives (#18967)
• Ensure files with only @theme produce no output when built (#18979)

... (truncated)

Commits

• e9c9c4f Release v4.1.17 (#19272)
• dc6a3ce Substitute @variant inside utilities (#19263)
• e71e70e Update magic-string 0.30.19 → 0.30.21 (minor) (#19238)
• cbbbe84 Release 4.1.16 (#19185)
• 601d671 Fix incorrect colors used in pseudo-element (#19184)
• a41add9 Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants...
• 0113b88 Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• 29687e0 Discard candidates with an empty data type (#19172)
• 56e7f3b Improve memory usage during canonicalization (#19171)
• 3a4ab82 Stop suggesting legacy utilities (#19169)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🤖 AI-Assisted Code Review

🔒 Security Analysis (via CodeQL):

✅ CodeQL scan complete. View security alerts for this PR

🎯 Code Quality Analysis (via ESLint & TypeScript):

✅ No critical ESLint errors found.
⚠️ TypeScript errors detected. Please run pnpm type-check locally to see details.

🎬 StreamVault Specific Reminders:

• Authentication: Have you tested all user roles (viewer, streamer, admin)?
• Payments: If you touched Stripe code, did you test the webhook signature?
• Storage: Are new GCS interactions covered by security rules and signed URLs?