Tailwind CSS plugin to generate filter and backdrop filter utilities

By Benoît Rouleau
Last update: Dec 21, 2022
Comments: 17

BLACK LIVES MATTER

Be aware. Be angry. Do better. Demand change. Show your support any way you can. Click on the link above to find protests, petitions, and other ways to help. DO NOT LET IT GO SILENT.

Filters Plugin for Tailwind CSS

Requirements

This plugin requires Tailwind CSS 1.2 or later. If your project uses an older version of Tailwind, you should install the latest 2.x version of this plugin (npm install [email protected]).

Installation

npm install tailwindcss-filters

Usage

// tailwind.config.js
module.exports = {
  theme: {
    filter: { // defaults to {}
      'none': 'none',
      'grayscale': 'grayscale(1)',
      'invert': 'invert(1)',
      'sepia': 'sepia(1)',
    },
    backdropFilter: { // defaults to {}
      'none': 'none',
      'blur': 'blur(20px)',
    },
  },
  variants: {
    filter: ['responsive'], // defaults to ['responsive']
    backdropFilter: ['responsive'], // defaults to ['responsive']
  },
  plugins: [
    require('tailwindcss-filters'),
  ],
};

This plugin generates the following utilities:

/* configurable with the "filter" theme object */
.filter-[key] {
  filter: [value];
}

/* configurable with the "backdropFilter" theme object */
.backdrop-[key] {
  backdrop-filter: [value];
}

Github

https://github.com/benface/tailwindcss-filters

Comments(17)

1

Add possibility to provide a function config (to receive the 'theme' helper)
Hi @benface!

Thanks for providing us with this tailwindcss plugin!

I was wondering if you would be interested to implement the possibility to provide the plugin config as a function so it can depend on other parts of the theme (just like we do by default with backgroundColor, textColor & borderColor).

My use-case would be to use the colors from my theme so I can create a filter that would be an overlay of a certain color with the help of the hex-to-css-filter package and add it as following in the plugin section of my config file:
```
// tailwind.config.js

const hexToCSSFilter = require('hex-to-css-filter');

module.exports = {
  theme: {
    colors: {
      facebook: '#3B5998',
    },
  },
  plugins: [
    require('tailwindcss-filters')(theme => ({
      filters: {
        none: 'none',
        facebook: hexToCSSFilter(theme('colors.facebook')),
      },
    })),
  ],
};
```
2

Now Requires Unknown Dependency

The plugin now requires an unknown plugin of tailwindcss-plugin.

Beta 2.0.0 Edition that doesn't feature that dependency works fine.

I couldn't find where in the ReadMe it said about the 'plugin' plugin?
3

[question] compatible with Tailwind 2.0?

Hello!

I wanted to ask if tailwindcss-filters is compatible with the latest version of tailwind (2.0)? I don't see any version above 1.2 referenced in the documentation.

Thank you!
4

Hover classes

The plugin works great, thank you.

Wondering how to make it work with hover:filter-none. I believe it would need extra CSS classes in this plugin.

Is this possible today?
5

Add hover functionality with CSS transitions
Hi there, I've written a bit of code that allows the ability to remove a filter when hovered over (or the other way around). It also comes with optional CSS transitions for which you can configure the duration.

A simple test for you would be:
```
//tailwind.config.js
...
filter: { 
    'none(400)': 'none', //400ms transition duration
    'grayscale(600)': 'grayscale(1)' //600ms transition duration
    },
...
```
And in your HTML:
```
<div class="filter-grayscale hover:filter-none h-screen bg-cover bg-center" style="background-image: url(https://images.unsplash.com/photo-1500964757637-c85e8a162699?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=1978&q=80)"></div>
```
This would style the image with the grayscale filter, and then on hover is would transition to no filter (taking 400ms), and then on mouse out it would transition back to color (taking 600ms).

I hope you like it :)

Richard
6

Bump ws from 7.3.1 to 7.4.6
Bumps ws from 7.3.1 to 7.4.6.
Release notes

Sourced from ws's releases.
7.4.6

Bug fixes
- Fixed a ReDoS vulnerability (00c425ec).
A specially crafted value of the Sec-Websocket-Protocol header could be used to significantly slow down a ws server.
```
for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
  const value = 'b' + ' '.repeat(length) + 'x';
  const start = process.hrtime.bigint();
value.trim().split(/ *, */);
const end = process.hrtime.bigint();
console.log('length = %d, time = %f ns', length, end - start);
}
```
The vulnerability was responsibly disclosed along with a fix in private by Robert McLaughlin from University of California, Santa Barbara.

In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.

7.4.5

Bug fixes
- UTF-8 validation is now done even if utf-8-validate is not installed (23ba6b29).
- Fixed an edge case where websocket.close() and websocket.terminate() did not close the connection (67e25ff5).
7.4.4

Bug fixes
- Fixed a bug that could cause the process to crash when using the permessage-deflate extension (92774377).
7.4.3

Bug fixes
- The deflate/inflate stream is now reset instead of reinitialized when context takeover is disabled (#1840).
7.4.2

Bug fixes
... (truncated)
Commits
- f5297f7 [dist] 7.4.6
- 00c425e [security] Fix ReDoS vulnerability
- 990306d [lint] Fix prettier error
- 32e3a84 [security] Remove reference to Node Security Project
- 8c914d1 [minor] Fix nits
- fc7e27d [ci] Test on node 16
- 587c201 [ci] Do not test on node 15
- f672710 [dist] 7.4.5
- 67e25ff [fix] Fix case where abortHandshake() does not close the connection
- 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
7

Bump postcss from 7.0.32 to 8.2.10
Bumps postcss from 7.0.32 to 8.2.10.
Release notes

Sourced from postcss's releases.
8.2.10
- Fixed ReDoS vulnerabilities in source map parsing.
- Fixed webpack 5 support (by @barak007).
- Fixed docs (by @roelandmoors).
8.2.9
- Exported NodeErrorOptions type (by @realityking)
8.2.8
- Fixed browser builds in webpack 5 (by @mattcompiles).
8.2.7
- Fixed browser builds in webpack 5 (by @mattcompiles).
8.2.6
- Fixed Maximum call stack size exceeded in Node#toJSON.
- Fixed docs (by @inokawa).
8.2.5
- Fixed escaped characters handling in list.split (by @nex3).
8.2.4
- Added plugin name to postcss.plugin() warning (by @Alphy11).
- Fixed docs (by @billcolumbia).
8.2.3
- Fixed JSON.stringify(Node[]) support (by @mischnic).
8.2.2
- Fixed CSS-in-JS support (by @43081j).
- Fixed plugin types (by @ludofischer).
- Fixed Result#warn() types.
8.2.1
- Fixed Node#toJSON() and postcss.fromJSON() (by @mischnic).
8.2 “Prince Orobas”

PostCSS 8.2 added a new API to serialize and deserialize CSS AST to JSON.
```
import { parse, fromJSON } from 'postcss'
let root = parse('a{}', { from: 'input.css' })
let json = root.toJSON()
// save to file, send by network, etc
let root2 = fromJSON(json)
```
... (truncated)
Changelog

Sourced from postcss's changelog.
8.2.10
- Fixed ReDoS vulnerabilities in source map parsing.
- Fixed webpack 5 support (by Barak Igal).
- Fixed docs (by Roeland Moors).
8.2.9
- Exported NodeErrorOptions type (by Rouven Weßling).
8.2.8
- Fixed browser builds in webpack 4 (by Matt Jones).
8.2.7
- Fixed browser builds in webpack 5 (by Matt Jones).
8.2.6
- Fixed Maximum call stack size exceeded in Node#toJSON.
- Fixed docs (by inokawa).
8.2.5
- Fixed escaped characters handling in list.split (by Natalie Weizenbaum).
8.2.4
- Added plugin name to postcss.plugin() warning (by Tom Williams).
- Fixed docs (by Bill Columbia).
8.2.3
- Fixed JSON.stringify(Node[]) support (by Niklas Mischkulnig).
8.2.2
- Fixed CSS-in-JS support (by James Garbutt).
- Fixed plugin types (by Ludovico Fischer).
- Fixed Result#warn() types.
8.2.1
- Fixed Node#toJSON() and postcss.fromJSON() (by Niklas Mischkulnig).
8.2 “Prince Orobas”
- Added Node#toJSON() and postcss.fromJSON() (by Niklas Mischkulnig).
8.1.14
- Fixed parser performance regression.
8.1.13
- Fixed broken AST after moving nodes in visitor API.
8.1.12
- Fixed Autoprefixer regression.
8.1.11
- Added PostCSS update suggestion on unknown event in plugin.
... (truncated)
Commits
- 8395d9f Release 8.2.10 version
- f2baaa7 Update ESLint config
- b6f3e4d Fix unsafe regexp in getAnnotationURL() too
- 4bcd727 Merge pull request #1553 from barak007/patch-2
- 7c2e97a Add covrage ignore on error paths
- 8c58434 Apply suggestions from code review
- ff2fd57 add error for sourcePath
- 8f02bdc disable url based features
- a54d020 Fix browser bundling with webpack 5
- 8682b1e Fix unsafe regexp
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
8

Bump node-fetch from 2.6.0 to 2.6.1
Bumps node-fetch from 2.6.0 to 2.6.1.

Release notes

Sourced from node-fetch's releases.

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.
Changelog

Sourced from node-fetch's changelog.
v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.
- Fix: honor the size option after following a redirect.
Commits
- b5e2e41 update version number
- 2358a6c Honor the size option after following a redirect and revert data uri support
- 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
- 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
- 244e6f6 docs: Show backers in README
- 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
- 47a24a0 chore: Add opencollective badge
- 7b13662 chore: Add funding link
- 5535c2e fix: Check for global.fetch before binding it (#674)
- 1d5778a docs: Add Discord badge
- Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by akepinski, a new releaser for node-fetch since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
9

Bump lodash from 4.17.15 to 4.17.19
Bumps lodash from 4.17.15 to 4.17.19.

Release notes

Sourced from lodash's releases.

4.17.16
Commits
- d7fbc52 Bump to v4.17.19
- 2e1c0f2 Add npm-package
- 1b6c282 Bump to v4.17.18
- a370ac8 Bump to v4.17.17
- 1144918 Rebuild lodash and docs
- 3a3b0fd Bump to v4.17.16
- c84fe82 fix(zipObjectDeep): prototype pollution (#4759)
- e7b28ea Sanitize sourceURL so it cannot affect evaled code (#4518)
- 0cec225 Fix lodash.isEqual for circular references (#4320) (#4515)
- 94c3a81 Document matches* shorthands for over* methods (#4510) (#4514)
- Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by mathias, a new releaser for lodash since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
10

Bump acorn from 6.4.0 to 6.4.1
Bumps acorn from 6.4.0 to 6.4.1.
Commits
- 9a2e9b6 Mark version 6.4.1
- 90a9548 More rigorously check surrogate pairs in regexp validator
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
11

Bump handlebars from 4.1.2 to 4.5.3
Bumps handlebars from 4.1.2 to 4.5.3.
Changelog

Sourced from handlebars's changelog.
v4.5.3 - November 18th, 2019

Bugfixes:
- fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
- fix: add more properties required to be enumerable - 1988878
Chores / Build:
- fix: use !== 0 instead of != 0 - c02b05f
- add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0
Security:
- The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.
Compatibility notes:
- Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
- The semantics have not changed in cases where the properties are enumerable, as in:
```
{
  __proto__: 'some string'
}
```
- The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.
Commits

v4.5.2 - November 13th, 2019

Bugfixes
- fix: use String(field) in lookup when checking for "constructor" - d541378
- test: add fluent API for testing Handlebars - c2ac79c
Compatibility notes:
- no incompatibility are to be expected
... (truncated)
Commits
- c819c8b v4.5.3
- 827c9d0 Update release notes
- f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
- 1988878 fix: add more properties required to be enumerable
- 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
- 0817dad test: add sinon as global variable to eslint in the specs
- 93516a0 test: add sinon.js for spies, deprecate current assertions
- 93e284e chore: add chai and dirty-chai for better test assertions
- c02b05f fix: use !== 0 instead of != 0
- 8de121d v4.5.2
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
12

Bump node-fetch from 2.6.0 to 2.6.7
Bumps node-fetch from 2.6.0 to 2.6.7.
Release notes

Sourced from node-fetch's releases.
v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed
- fix: don't forward secure headers to 3th party by @jimmywarting in node-fetch/node-fetch#1453
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed
- fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in node-fetch/node-fetch#1352
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.
Changelog

Sourced from node-fetch's changelog.
Changelog

All notable changes will be recorded here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

What's Changed
- core: update fetch-blob by @jimmywarting in node-fetch/node-fetch#1371
- docs: Fix typo around sending a file by @jimmywarting in node-fetch/node-fetch#1381
- core: (http.request): Cast URL to string before sending it to NodeJS core by @jimmywarting in node-fetch/node-fetch#1378
- core: handle errors from the request body stream by @mdmitry01 in node-fetch/node-fetch#1392
- core: Better handle wrong redirect header in a response by @tasinet in node-fetch/node-fetch#1387
- core: Don't use buffer to make a blob by @jimmywarting in node-fetch/node-fetch#1402
- docs: update readme for TS @types/node-fetch by @adamellsworth in node-fetch/node-fetch#1405
- core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @maxshirshin in node-fetch/node-fetch#1369
- core: Don't use global buffer by @jimmywarting in node-fetch/node-fetch#1422
- ci: fix main branch by @dnalborczyk in node-fetch/node-fetch#1429
- core: use more node: protocol imports by @dnalborczyk in node-fetch/node-fetch#1428
- core: Warn when using data by @jimmywarting in node-fetch/node-fetch#1421
- docs: Create SECURITY.md by @JamieSlome in node-fetch/node-fetch#1445
- core: don't forward secure headers to 3th party by @jimmywarting in node-fetch/node-fetch#1449
New Contributors
- @mdmitry01 made their first contribution in node-fetch/node-fetch#1392
- @tasinet made their first contribution in node-fetch/node-fetch#1387
- @adamellsworth made their first contribution in node-fetch/node-fetch#1405
- @maxshirshin made their first contribution in node-fetch/node-fetch#1369
- @JamieSlome made their first contribution in node-fetch/node-fetch#1445
Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2

3.1.0

What's Changed
- fix(Body): Discourage form-data and buffer() by @jimmywarting in node-fetch/node-fetch#1212
- fix: Pass url string to http.request by @serverwentdown in node-fetch/node-fetch#1268
- Fix octocat image link by @lakuapik in node-fetch/node-fetch#1281
- fix(Body.body): Normalize Body.body into a node:stream by @jimmywarting in node-fetch/node-fetch#924
- docs(Headers): Add default Host request header to README.md file by @robertoaceves in node-fetch/node-fetch#1316
- Update CHANGELOG.md by @jimmywarting in node-fetch/node-fetch#1292
- Add highWaterMark to cloned properties by @davesidious in node-fetch/node-fetch#1162
- Update README.md to fix HTTPResponseError by @thedanfernandez in node-fetch/node-fetch#1135
- docs: switch url to URL by @dhritzkiv in node-fetch/node-fetch#1318
- fix(types): declare buffer() deprecated by @dnalborczyk in node-fetch/node-fetch#1345
- chore: fix lint by @dnalborczyk in node-fetch/node-fetch#1348
- refactor: use node: prefix for imports by @dnalborczyk in node-fetch/node-fetch#1346
- Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @dependabot in node-fetch/node-fetch#1319
- Bump mocha from 8.4.0 to 9.1.3 by @dependabot in node-fetch/node-fetch#1339
- Referrer and Referrer Policy by @tekwiz in node-fetch/node-fetch#1057
- Add typing for Response.redirect(url, status) by @c-w in node-fetch/node-fetch#1169
... (truncated)
Commits
- 1ef4b56 backport of #1449 (#1453)
- 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
- f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
- b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
- 18193c5 fix v2.6.3 that did not sending query params (#1301)
- ace7536 fix: properly encode url with unicode characters (#1291)
- 152214c Fix(package.json): Corrected main file path in package.json (#1274)
- b5e2e41 update version number
- 2358a6c Honor the size option after following a redirect and revert data uri support
- 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
- Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
13

Bump ws from 7.3.1 to 7.5.6
Bumps ws from 7.3.1 to 7.5.6.
Release notes

Sourced from ws's releases.
7.5.6

Bug fixes
- Backported b8186dd1 to the 7.x release line (73dec34b).
- Backported ed2b8039 to the 7.x release line (22a26afb).
7.5.5

Bug fixes
- Backported ec9377ca to the 7.x release line (0e274acd).
7.5.4

Bug fixes
- Backported 6a72da3e to the 7.x release line (76087fbf).
- Backported 869c9892 to the 7.x release line (27997933).
7.5.3

Bug fixes
- The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
- Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
- Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).
7.5.2

Bug fixes
- The opening handshake is now aborted if the client receives a Sec-WebSocket-Extensions header but no extension was requested or if the server indicates an extension not requested by the client (aca94c86).
7.5.1

Bug fixes
- Fixed an issue that prevented the connection from being closed properly if an error occurred simultaneously on both peers (b434b9f1).
7.5.0

Features
- Some errors now have a code property describing the specific type of error that has occurred (#1901).
Bug fixes
- A close frame is now sent to the remote peer if an error (such as a data framing error) occurs (8806aa9a).
... (truncated)
Commits
- 8ecd890 [dist] 7.5.6
- 22a26af [fix] Resume the socket in the CLOSING state
- 73dec34 [fix] Do not throw if the redirect URL is invalid
- 2d968a6 [dist] 7.5.5
- ab5fcd6 [doc] Change label text to CI
- aa21e70 [ci] Use Github Actions for Windows x86 testing
- e519810 [pkg] Update eslint-plugin-prettier to version 4.0.0
- 0e274ac [minor] Skip unnecessary operations if the socket is already closed
- 075752d [dist] 7.5.4
- 2799793 [fix] Resume the socket in the next tick
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
14

Bump color-string from 1.5.3 to 1.9.0
Bumps color-string from 1.5.3 to 1.9.0.
Release notes

Sourced from color-string's releases.
1.9.0

Minor Release 1.9.0
- Add parsing of exponential alpha values for HWB and HSL (#66)
Thanks to @babycannotsay for their contribution!

1.8.2

Patch release 1.8.2
- Fix incorrect handling of optional comma in rgb() regex (#65)
Thanks to @gerdasi and @mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1
- Fix rgb alpha percentage parsing from int to float (#61)
Thanks to @clytras for their contribution!

1.8.0

Minor release 1.8.0
- Add anchors to keyword regex (#64)
Thanks to @cq360767996 for their contribution!

1.7.4

Patch Release 1.7.4
- Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)
1.7.3

Patch Release 1.7.3
- Fix hue modulo operation (#50)
Thanks to @adroitwhiz for their contributions.

1.7.2

Patch Release 1.7.2
- Fix issue where color-string with incorrectly return a color for properties on Object's prototype like "constructor". (#45)
Thanks to @tolmasky for their contributions.

1.7.1

Patch release 1.7.1
... (truncated)
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
15

Bump tmpl from 1.0.4 to 1.0.5
Bumps tmpl from 1.0.4 to 1.0.5.
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
16

Bump path-parse from 1.0.6 to 1.0.7
Bumps path-parse from 1.0.6 to 1.0.7.
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
17

Bump postcss from 7.0.32 to 7.0.36
Bumps postcss from 7.0.32 to 7.0.36.
Release notes

Sourced from postcss's releases.
7.0.36
- Backport ReDoS vulnerabilities from PostCSS 8.
7.0.35
- Add migration guide link to PostCSS 8 error text.
7.0.34
- Fix compatibility with postcss-scss 2.
7.0.33
- Add error message for PostCSS 8 plugins.
Changelog

Sourced from postcss's changelog.
7.0.36
- Backport ReDoS vulnerabilities from PostCSS 8.
7.0.35
- Add migration guide link to PostCSS 8 error text.
7.0.34
- Fix compatibility with postcss-scss 2.
7.0.33
- Add error message for PostCSS 8 plugins.
7.0.36
- Backport ReDoS vulnerabilities from PostCSS 8.
7.0.35
- Add migration guide link to PostCSS 8 error text.
7.0.34
- Fix compatibility with postcss-scss 2.
7.0.33
- Add error message for PostCSS 8 plugins.
Commits
- 67e3d7b Release 7.0.36 version
- 54cbf3c Backport ReDoS vulnerabilities from PostCSS 8
- 12832f3 Release 7.0.35 version
- 4455ef6 Use OpenCollective in funding
- e867c79 Add migration guide to PostCSS 8 error
- 32a22a9 Release 7.0.34 version
- 2293982 Lock build targets
- 2c3a111 Release 7.0.33 version
- 4105f21 Use yaspeller instead of yaspeller-ci
- c8d02a0 Revert yaspeller-ci removal
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.

Tailwind CSS plugin to generate filter and backdrop filter utilities

Be aware. Be angry. Do better. Demand change. Show your support any way you can. Click on the link above to find protests, petitions, and other ways to help. DO NOT LET IT GO SILENT.

Filters Plugin for Tailwind CSS

Requirements

Installation

Usage

Github

Comments(17)

Add possibility to provide a function config (to receive the 'theme' helper)

Now Requires Unknown Dependency

[question] compatible with Tailwind 2.0?

Hover classes

Add hover functionality with CSS transitions

Bump ws from 7.3.1 to 7.4.6

7.4.6

Bug fixes

7.4.5

Bug fixes

7.4.4

Bug fixes

7.4.3

Bug fixes

7.4.2

Bug fixes

Bump postcss from 7.0.32 to 8.2.10

8.2.10

8.2.9

8.2.8

8.2.7

8.2.6

8.2.5

8.2.4

8.2.3

8.2.2

8.2.1

8.2 “Prince Orobas”

8.2.10

8.2.9

8.2.8

8.2.7

8.2.6

8.2.5

8.2.4

8.2.3

8.2.2

8.2.1

8.2 “Prince Orobas”

8.1.14

8.1.13

8.1.12

8.1.11

Bump node-fetch from 2.6.0 to 2.6.1

v2.6.1

v2.6.1

Bump lodash from 4.17.15 to 4.17.19

4.17.16

Bump acorn from 6.4.0 to 6.4.1

Bump handlebars from 4.1.2 to 4.5.3

v4.5.3 - November 18th, 2019

v4.5.2 - November 13th, 2019

Bugfixes

Bump node-fetch from 2.6.0 to 2.6.7

v2.6.7

Security patch release

What's Changed

v2.6.6

What's Changed

v2.6.2

v2.6.1

Changelog

What's Changed

New Contributors

3.1.0

What's Changed

Bump ws from 7.3.1 to 7.5.6

7.5.6

Bug fixes

7.5.5

Bug fixes

7.5.4