deps(deps-dev): bump the npm-minor-patch group in /marketing with 4 updates

[dependabot]

Bumps the npm-minor-patch group in /marketing with 4 updates: @cyclonedx/cyclonedx-npm, autoprefixer, postcss and tailwindcss.

Updates @cyclonedx/cyclonedx-npm from 4.1.2 to 4.2.1

Release notes

Sourced from @​cyclonedx/cyclonedx-npm's releases.

4.2.1

Fixed

• Properly generate PackageURLs for private packages (#1425 via #1426)

#1425: CycloneDX/cyclonedx-node-npm#1425 #1426: CycloneDX/cyclonedx-node-npm#1426

---

What's Changed

• chore(ci): mark experimental tests by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1424
• fix: PackageURLs for private components by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1426

Full Changelog: CycloneDX/cyclonedx-node-npm@v4.2.0...v4.2.1

4.2.0

Fixed

• Qualified PackageURLs (via #1416)

Changed

• Take care of PackageURL generation ourselves, now (via #1416)
  Previously, this was done at best-effort by a 3rd-party library.

Dependencies

• Bumped dependency @cyclonedx/cyclonedx-library@^10.0.0 now, was @^8.4.0||^9.0.0 (via #1416)
• Added dependency packageurl-js@^2.0.1 (via #1416)
• Added dependency spdx-expression-parse@^3.0.1||^4.0.0 (via #1416)

#1416: CycloneDX/cyclonedx-node-npm#1416

---

What's Changed

• chore(deps): bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in CycloneDX/cyclonedx-node-npm#1398
• chore(deps): bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in CycloneDX/cyclonedx-node-npm#1397
• chore(deps): bump knip from 5.70.2 to 5.76.0 in /tools/test-dependencies by @​dependabot[bot] in CycloneDX/cyclonedx-node-npm#1401
• chore: allow use of deprecated symbols until fixed by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1410
• chore(ci): modernize CI by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1409
• chore(deps): bump knip from 5.76.0 to 5.83.1 in /tools/test-dependencies by @​dependabot[bot] in CycloneDX/cyclonedx-node-npm#1412
• ci: test node25 by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1421
• chore(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @​dependabot[bot] in CycloneDX/cyclonedx-node-npm#1420
• feat: use cyclonedx library ^10.0.0 by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1416
• tests: npm ci by @​jkowalleck in CycloneDX/cyclonedx-node-npm#1423
• chore(deps): bump knip from 5.83.1 to 5.85.0 in /tools/test-dependencies by @​dependabot[bot] in CycloneDX/cyclonedx-node-npm#1415

Full Changelog: CycloneDX/cyclonedx-node-npm@v4.1.2...v4.2.0

Changelog

Sourced from @​cyclonedx/cyclonedx-npm's changelog.

4.2.1 - 2026-03-00

• Fixed
  • Properly generate PackageURLs for private packages (#1425 via #1426)

#1425: CycloneDX/cyclonedx-node-npm#1425 #1426: CycloneDX/cyclonedx-node-npm#1426

4.2.0 - 2026-03-03

• Fixed
  • Qualified PackageURLs (via #1416)
• Changed
  • Take care of PackageURL generation ourselves, now (via #1416)
    Previously, this was done at best-effort by a 3rd-party library.
• Dependencies
  • Bumped dependency @cyclonedx/cyclonedx-library@^10.0.0 now, was @^8.4.0||^9.0.0 (via #1416)
  • Added dependency packageurl-js@^2.0.1 (via #1416)
  • Added dependency spdx-expression-parse@^3.0.1||^4.0.0 (via #1416)

#1416: CycloneDX/cyclonedx-node-npm#1416

Commits

• 5db779c 4.2.1
• f98fedc chore: prep v4.2.1
• 002211b fix: PackageURLs for private components (#1426)
• 19d4faf chore(ci): mark experimental tests (#1424)
• 96a208c chore: update releasepipeline
• e84b81f 4.2.0
• fe7b392 chore: prep v4.2.0
• c159d3b chore(deps): bump knip from 5.83.1 to 5.85.0 in /tools/test-dependencies (#1415)
• 24f12f5 tests: npm ci (#1423)
• dad4951 feat: use cyclonedx library ^10.0.0 (#1416)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​cyclonedx/cyclonedx-npm since your current version.

Updates autoprefixer from 10.4.21 to 10.5.0

Release notes

Sourced from autoprefixer's releases.

10.5.0 “Each Endeavouring, All Achieving”

• Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

10.4.23

• Reduced dependencies (by @​hyperz111).

10.4.22

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

Changelog

Sourced from autoprefixer's changelog.

10.5.0 “Each Endeavouring, All Achieving”

• Added mask-position-x and mask-position-y support (by @​toporek).

10.4.27

• Removed development key from package.json.

10.4.26

• Reduced package size.

10.4.25

• Fixed broken gradients on CSS Custom Properties (by @​serger777).

10.4.24

• Made Autoprefixer a little faster (by @​Cherry).

10.4.23

• Reduced dependencies (by @​hyperz111).

10.4.22

• Fixed stretch prefixes on new Can I Use database.
• Updated fraction.js.

Commits

• faf456a Release 10.5 version
• b841fc5 Update dependencies
• 47d6e68 Update email
• 45cfc08 Replace ESLint and Prettier to oxlint and oxfmt
• 7e3ec7d Add prefixing support for mask-position-x and mask-position-y (#1548)
• 360f2d9 Release 10.4.27 version
• ab5260c Update clean-publish
• 09e9dd1 Release 10.4.26 version
• ec75540 Ignore local patches
• 59601b8 Update c8 and clean-publish
• Additional commits viewable in compare view

Updates postcss from 8.5.6 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

• 33b9790 Release 8.5.10 version
• 536c79e Escape </style> in CSS output (#2074)
• afa96b2 Update dependencies (#2073)
• effe88b Typo (#2072)
• 3ee79a2 Thread model (#2071)
• 2e0683d Create incident response docs (#2070)
• fe88ac2 Release 8.5.9 version
• c551632 Avoid RegExp when we can use simple JS
• 89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
• 6ceb8a4 Create SECURITY.md
• Additional commits viewable in compare view

Updates tailwindcss from 3.4.18 to 3.4.19

Release notes

Sourced from tailwindcss's releases.

v3.4.19

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

Changelog

Sourced from tailwindcss's changelog.

[3.4.19] - 2025-12-10

Fixed

• Don’t break sibling-*() functions when used inside calc(…) (#19335)

[4.1.17] - 2025-11-06

Fixed

• Substitute @variant inside legacy JS APIs (#19263)
• Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

• Discard candidates with an empty data type (#19172)
• Fix canonicalization of arbitrary variants with attribute selectors (#19176)
• Fix invalid colors due to nested & (#19184)
• Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

• Fix Safari devtools rendering issue due to color-mix fallback (#19069)
• Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
• Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
• Allow named groups in combination with not-*, has-*, and in-* (#19100)
• Prevent important utilities from affecting other utilities (#19110)
• Don’t index into strings with the theme(…) function (#19111)
• Fix parsing issue when \t is used in at-rules (#19130)
• Upgrade: Canonicalize utilities containing 0 values (#19095)
• Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

• Remove the postinstall script from oxide (#19149)(tailwindlabs/tailwindcss#19149)

[4.1.14] - 2025-10-01

Fixed

• Handle ' syntax in ClojureScript when extracting classes (#18888)
• Handle @variant inside @custom-variant (#18885)
• Merge suggestions when using @utility (#18900)
• Ensure that file system watchers created when using the CLI are always cleaned up (#18905)
• Do not generate grid-column utilities when configuring grid-column-start or grid-column-end (#18907)
• Do not generate grid-row utilities when configuring grid-row-start or grid-row-end (#18907)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.