Gatsby starter styled with Tailwind CSS

  • By Taylor Bryant
  • Last update: Dec 22, 2022
  • Comments: 17

Gatsby Starter Tailwind

All Contributors

Gatsby and Tailwind CSS logos
A Gatsby starter styled using Tailwind CSS, a utility-first CSS framework.
Uses Tailwind CSS' built-in purge option to remove unused CSS.
Illustrations by unDraw.

alt text

View demo here.

What is Tailwind CSS?

"Tailwind CSS is a utility-first CSS framework for rapidly building custom user interfaces." –Tailwind CSS

What is Gatsby?

"Gatsby is a free and open source framework based on React that helps developers build blazing fast websites and apps." -Gatsby

Get started

Install the Gatsby CLI:

npm install --global gatsby-cli

Create a new Gatsby project using this starter:

gatsby new my-new-website https://github.com/taylorbryant/gatsby-starter-tailwind

Build a stylesheet from your Tailwind CSS config and run the project in development mode:

cd my-new-website
npm run develop

Format and lint

  • npm run analyze - See what ESLint and Prettier can fix
  • npm run fix - Run Prettier and ESLint with the --fix option

Build your site

Use npm run build to build your site for production.

Deployment

Netlify

Deploy to Netlify

Vercel

Deploy with Vercel

Resources

License

MIT

How you can help

Enjoying Gatsby Starter Tailwind and want to help? You can:

Contributors

Thanks goes to these wonderful people (emoji key):

impulse
impulse
💻 		Georgios Andreadis
Georgios Andreadis
💻 		Chris
Chris
💻 		Dhaifallah Alwadani
Dhaifallah Alwadani
💻 		Nigel Ball
Nigel Ball
🤔 💻 		Monte Hayward
Monte Hayward
💻 		Luke Bennett
Luke Bennett
💻

This project follows the all-contributors specification. Contributions of any kind welcome!

Github

https://github.com/taylorbryant/gatsby-starter-tailwind

Comments(17)

  • 1

    Using TailwindUI with Alpinejs OR React component for this starter

    Hi,

    I tried your project, and it was speedy to start.

    Since this week, I'm using TailwindUI (TWUI). I tested TWUI's components with plain index.html files and it works perfectly. I did follow the configurations to add the @tailwindcss/ui plugin from the docs.

    Now, I want to step up a notch by using Gatsby. That's why I found your project.

    I tried to configure the TWUI elements in "gatsby-starter-tailwind," but I failed. There are too many errors to bug you with them. I'm new to Gatsby and React but comfortable with CSS stuff.

    Question: do you plan to offer a template for the TWUI product? Looking at the docs it should be easy to do.

    Thanks in advance!

  • 2

    Stuck at createPagesStatefully while executing gatsby develop

    This is my second project working with this starter. I often get stuck on '⠋ createPagesStatefully'. When stuck, basically nothing happens. I would love to debug this issue, yet no idea where to start. 🤔

  • 3

    Lof of Warnings. How to fix this?

    After trying to install it, I get a lot of warnings:

    warning gatsby > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > babel-plugin-add-module-exports > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning gatsby > [email protected]: [email protected]<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of [email protected]
warning gatsby > @babel/polyfill > [email protected]: [email protected]<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of [email protected]
warning gatsby > gatsby-cli > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > webpack-dev-server > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning gatsby > @hapi/joi > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > @hapi/joi > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > @hapi/joi > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > @hapi/joi > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > @hapi/joi > @hapi/topo > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > babel-plugin-add-module-exports > chokidar > [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning gatsby > gatsby-cli > gatsby-recipes > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > gatsby-cli > gatsby-recipes > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby > gatsby-cli > yurnalist > babel-runtime > [email protected]: [email protected]<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of [email protected]
warning gatsby > webpack > watchpack > watchpack-chokidar2 > [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning gatsby > eslint-plugin-graphql > graphql-config > [email protected]: GraphQL Import has been deprecated and merged into GraphQL Tools, so it will no longer get updates. Use GraphQL Tools instead to stay up-to-date! Check out https://www.graphql-tools.com/docs/migration-from-import for migration and https://the-guild.dev/blog/graphql-tools-v6 for new changes.
warning gatsby > micromatch > snapdragon > source-map-resolve > [email protected]: https://github.com/lydell/resolve-url#deprecated
warning gatsby > micromatch > snapdragon > source-map-resolve > [email protected]: Please see https://github.com/lydell/urix#deprecated
warning gatsby-plugin-offline > workbox-build > @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
warning gatsby-plugin-sharp > probe-image-size > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

    Any idea how to fix this?

  • 4

    chore(deps): bump gatsby-plugin-manifest from 2.4.22 to 2.4.23

    Bumps gatsby-plugin-manifest from 2.4.22 to 2.4.23.

    Changelog

    Sourced from gatsby-plugin-manifest's changelog.

    2.4.23 (2020-08-11)

    Note: Version bump only for package gatsby-plugin-manifest

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 5

    Any tips on how I can get this starter to work with Tailwind UI components?

    Hi Tailwind UI early access was released today. UI components, crafted by the creators of Tailwind CSS. HTML components, designed and developed by Adam Wathan and Steve Schoger. See https://tailwindui.com/

    How do I get them included in the gatsby starter?

  • 6

    semantic elements use: main, nav / li ?

    hey @taylorbryant & contributors, would you consider using semantic html5 elements in this starter?

    examples:

    an unordered list in nav.js instead of divs. https://github.com/Oddstronaut/gatsby-starter-tailwind/blob/667d5239dcf53bb3a6ad5337ac4655ffa047596b/src/components/header.js#L10

    a <main element in pages: https://github.com/Oddstronaut/gatsby-starter-tailwind/blob/667d5239dcf53bb3a6ad5337ac4655ffa047596b/src/pages/index.js#L15

    i'd be happy to contribute that if you consider it helpful. thanks, Monte

  • 7

    Can't modify Tailwind config?

    Hey, thanks for the template. I've been using it for a new project and it's worked great so far, but when I tried to add some new values to the tailwind.config.js it doesn't seem to generate the new selectors.

    Do you happento know why this might be happening?

    Thank you for sharing this template.

  • 8

    Unable to start new project - Error: Cannot find module 'core-js/modules/es6.object.assign'

    To reproduce:

    npm i --global gatsby-cli
gatsby new test https://github.com/taylorbryant/gatsby-starter-tailwind
cd test
gatsby develop

    output;

    success open and validate gatsby-configs - 0.130s
success load plugins - 0.316s
success onPreInit - 0.013s
success initialize cache - 0.007s
success copy gatsby files - 0.062s
success onPreBootstrap - 0.011s
success createSchemaCustomization - 0.010s
success source and transform nodes - 0.040s
success building schema - 0.213s
success createPages - 0.002s
warn Warning: Empty string transition configs (e.g., `{ on: { '': ... }}`) for transient transitions are deprecated. Specify the transition in the `{ always: ... }` property instead. Please check
warn Warning: Empty string transition configs (e.g., `{ on: { '': ... }}`) for transient transitions are deprecated. Specify the transition in the `{ always: ... }` property instead. Please check
warn Warning: Empty string transition configs (e.g., `{ on: { '': ... }}`) for transient transitions are deprecated. Specify the transition in the `{ always: ... }` property instead. Please check
warn Warning: Empty string transition configs (e.g., `{ on: { '': ... }}`) for transient transitions are deprecated. Specify the transition in the `{ always: ... }` property instead. Please check
warn Warning: Empty string transition configs (e.g., `{ on: { '': ... }}`) for transient transitions are deprecated. Specify the transition in the `{ always: ... }` property instead. Please check
success createPagesStatefully - 0.113s
success updating schema - 0.035s
success onPreExtractQueries - 0.002s
success extract queries from components - 0.143s
success write out redirect data - 0.012s
success Build manifest and related icons - 0.097s
success onPostBootstrap - 0.105s
info bootstrap finished - 3.343s
success run page queries - 0.036s - 6/6 164.82/s
success write out requires - 0.007s

 ERROR

Cannot find module 'core-js/modules/es6.object.assign'
Require stack:
- /Users/dd/Projects/test/node_modules/gatsby/dist/utils/webpack.config.js
- /Users/dd/Projects/test/node_modules/gatsby/dist/utils/start-server.js
- /Users/dd/Projects/test/node_modules/gatsby/dist/services/start-webpack-server.js
- /Users/dd/Projects/test/node_modules/gatsby/dist/services/index.js
- /Users/dd/Projects/test/node_modules/gatsby/dist/commands/develop-process.js
- /Users/dd/Projects/test/.cache/tmp-33960-sa7046STp0RJ

  - loader.js:957 Function.Module._resolveFilename
    internal/modules/cjs/loader.js:957:15

  - helpers.js:83 Function.resolve
    internal/modules/cjs/helpers.js:83:19
  • 9

    Small, unrelated, minor updates

    Hi @taylorbryant, Sorry that this PR is a fix of unrelated minor fixes, but I didn't think it was worth putting into several. I think the commits are pretty self explanitory, but I'll run through each quickly anyway:

    Use consistent quotes:

    Everything except for the purgecss plugin was using backticks, so I've updated that to be the same.

    Put class names in the same order:

    Most of the classes on the navigation links are the same, it's easier to read and more consistent if they are in the same order

    Switch to useStaticQuery:

    I find the Hooks syntax easier to read that the old StaticQuery, and it's what the Gatsby team are using for their starters now, so though it was worth updating here as well.

    Update link to docs:

    Tailwind 1.0 has been released, so the old link should be updated to reflect this.

  • 10

    Upgrade to Tailwind v1 beta.

    Includes (unused) default v1 configuration in tailwind.default.js

    Hi:

    Thanks for this starter. I have created a branch to hold the changes needed to upgrade to v1 which should be released very soon.

    Yjis is my first ever pull request so accept my apologies if I've missed something.

    I have not tested deploy to Netlify or a production build, but dev build works fine.

    Nigel

  • 11

    Bump postcss from 8.3.4 to 8.4.20

    Bumps postcss from 8.3.4 to 8.4.20.

    Release notes

    Sourced from postcss's releases.

    8.4.20

    • Fixed source map generation for childless at-rules like @layer.

    8.4.19

    • Fixed whitespace preserving after AST transformations (by @​romainmenke).

    8.4.18

    • Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

    8.4.17

    8.4.16

    • Fixed Root AST migration.

    8.4.15

    • Fixed AST normalization after using custom parser with old PostCSS AST.

    8.4.14

    • Print “old plugin API” warning only if plugin was used (by @​zardoy).

    8.4.13

    8.4.12

    • Fixed package.funding to have same value between all PostCSS packages.

    8.4.11

    • Fixed Declaration#raws.value type.

    8.4.10

    • Fixed package.funding URL format.

    8.4.9

    8.4.8

    • Fixed end position in empty Custom Properties.

    8.4.7

    • Fixed Node#warn() type (by @​ybiquitous).
    • Fixed comment removal in values after ,.

    8.4.6

    • Prevented comment removing when it change meaning of CSS.
    • Fixed parsing space in last semicolon-less CSS Custom Properties.
    • Fixed comment cleaning in CSS Custom Properties with space.
    • Fixed throwing an error on .root access for plugin-less case.

    ... (truncated)

    Changelog

    Sourced from postcss's changelog.

    8.4.20

    • Fixed source map generation for childless at-rules like @layer.

    8.4.19

    • Fixed whitespace preserving after AST transformations (by Romain Menke).

    8.4.18

    • Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

    8.4.17

    • Fixed Node.before() unexpected behavior (by Romain Menke).
    • Added TOC to docs (by Mikhail Dedov).

    8.4.16

    • Fixed Root AST migration.

    8.4.15

    • Fixed AST normalization after using custom parser with old PostCSS AST.

    8.4.14

    • Print “old plugin API” warning only if plugin was used (by @​zardoy).

    8.4.13

    • Fixed append() error after using .parent (by Jordan Pittman).

    8.4.12

    • Fixed package.funding to have same value between all PostCSS packages.

    8.4.11

    • Fixed Declaration#raws.value type.

    8.4.10

    • Fixed package.funding URL format.

    8.4.9

    • Fixed package.funding (by Álvaro Mondéjar).

    8.4.8

    • Fixed end position in empty Custom Properties.

    8.4.7

    • Fixed Node#warn() type (by Masafumi Koba).
    • Fixed comment removal in values after ,.

    8.4.6

    • Prevented comment removing when it change meaning of CSS.
    • Fixed parsing space in last semicolon-less CSS Custom Properties.
    • Fixed comment cleaning in CSS Custom Properties with space.
    • Fixed throwing an error on .root access for plugin-less case.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • 12

    Bump prettier from 2.3.2 to 2.8.2

    Bumps prettier from 2.3.2 to 2.8.2.

    Release notes

    Sourced from prettier's releases.

    2.8.2

    🔗 Changelog

    2.8.1

    🔗 Changelog

    2.8.0

    diff

    🔗 Release note

    2.7.1

    🔗 Changelog

    2.7.0

    diff

    🔗 Release note

    2.6.2

    🔗 Changelog

    2.6.1

    🔗 Changelog

    2.6.0

    🔗 Release note

    2.5.1

    🔗 Changelog

    2.5.0

    diff

    🔗 Release note

    2.4.1

    🔗 Changelog

    2.4.0

    diff

    Release note

    Changelog

    Sourced from prettier's changelog.

    2.8.2

    diff

    Don't lowercase link references (#13155 by @​DerekNonGeneric & @​fisker)

    <!-- Input -->
We now don't strictly follow the release notes format suggested by [Keep a Changelog].

    <!-- Prettier 2.8.1 -->
We now don't strictly follow the release notes format suggested by Keep a Changelog.
    

    <!--
^^^^^^^^^^^^^^^^^^ lowercased
-->
    

    <!-- Prettier 2.8.2 -->
<Same as input>

    Preserve self-closing tags (#13691 by @​dcyriller)

    {{! Input }}
<div />
<div></div>
<custom-component />
<custom-component></custom-component>
<i />
<i></i>
<Component />
<Component></Component>

    {{! Prettier 2.8.1 }}
<div></div>
<div></div>
<custom-component></custom-component>
<custom-component></custom-component>
<i></i>
<i></i>
<Component />
<Component />
    

    {{! Prettier 2.8.2 }}
</tr></table>

    ... (truncated)

    Commits
    • ac88438 Release 2.8.2
    • aaf9190 Fix comments after directive (#14081)
    • 9e09a78 Stop inserting space in LESS property access (#14103)
    • 0c5d4f3 Fix removing commas from function arguments in maps (#14089)
    • b77d912 ember / glimmer: Preserve self-closing tags (#13691)
    • cf36209 Handlebars: Add tests for {{! prettier-ignore}} (#13693)
    • f8e1ad8 Add parens to head of ExpressionStatement instead of whole statement (#14077)
    • 8034bad Build(deps): Bump json5 from 2.2.0 to 2.2.3 in /scripts/release (#14104)
    • 31d4010 Build(deps): Bump json5 from 2.2.1 to 2.2.3 in /website (#14101)
    • 41cee06 Do not change case of property name if inside a variable declaration in LESS ...
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by prettier-bot, a new releaser for prettier since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • 13

    Bump postcss from 8.3.4 to 8.4.21

    Bumps postcss from 8.3.4 to 8.4.21.

    Release notes

    Sourced from postcss's releases.

    8.4.21

    8.4.20

    • Fixed source map generation for childless at-rules like @layer.

    8.4.19

    • Fixed whitespace preserving after AST transformations (by @​romainmenke).

    8.4.18

    • Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

    8.4.17

    8.4.16

    • Fixed Root AST migration.

    8.4.15

    • Fixed AST normalization after using custom parser with old PostCSS AST.

    8.4.14

    • Print “old plugin API” warning only if plugin was used (by @​zardoy).

    8.4.13

    8.4.12

    • Fixed package.funding to have same value between all PostCSS packages.

    8.4.11

    • Fixed Declaration#raws.value type.

    8.4.10

    • Fixed package.funding URL format.

    8.4.9

    8.4.8

    • Fixed end position in empty Custom Properties.

    8.4.7

    • Fixed Node#warn() type (by @​ybiquitous).
    • Fixed comment removal in values after ,.

    8.4.6

    • Prevented comment removing when it change meaning of CSS.
    • Fixed parsing space in last semicolon-less CSS Custom Properties.

    ... (truncated)

    Changelog

    Sourced from postcss's changelog.

    8.4.21

    • Fixed Input#error types (by Aleks Hudochenkov).

    8.4.20

    • Fixed source map generation for childless at-rules like @layer.

    8.4.19

    • Fixed whitespace preserving after AST transformations (by Romain Menke).

    8.4.18

    • Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

    8.4.17

    • Fixed Node.before() unexpected behavior (by Romain Menke).
    • Added TOC to docs (by Mikhail Dedov).

    8.4.16

    • Fixed Root AST migration.

    8.4.15

    • Fixed AST normalization after using custom parser with old PostCSS AST.

    8.4.14

    • Print “old plugin API” warning only if plugin was used (by @​zardoy).

    8.4.13

    • Fixed append() error after using .parent (by Jordan Pittman).

    8.4.12

    • Fixed package.funding to have same value between all PostCSS packages.

    8.4.11

    • Fixed Declaration#raws.value type.

    8.4.10

    • Fixed package.funding URL format.

    8.4.9

    • Fixed package.funding (by Álvaro Mondéjar).

    8.4.8

    • Fixed end position in empty Custom Properties.

    8.4.7

    • Fixed Node#warn() type (by Masafumi Koba).
    • Fixed comment removal in values after ,.

    8.4.6

    • Prevented comment removing when it change meaning of CSS.
    • Fixed parsing space in last semicolon-less CSS Custom Properties.

    ... (truncated)

    Commits
    • 32ced0e Release 8.4.21 version
    • a936b80 Update dependencies
    • c9bd445 Fix types
    • 4ad96d1 Merge pull request #1811 from hudochenkov/fix-input-types
    • 15f5fad Add types for an Input.error()
    • 43bd2df Merge pull request #1808 from hudochenkov/update-syntaxes
    • 292b8f0 Add postcss-styled-syntax to list of syntaxes
    • 29f5168 Update postcss-html and postcss-markdown repositories
    • 1d4c509 Release 8.4.20 version
    • 905082a Add Node.js 10 to CI
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • 14

    Bump json5 from 1.0.1 to 1.0.2

    Bumps json5 from 1.0.1 to 1.0.2.

    Release notes

    Sourced from json5's releases.

    v1.0.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
    Changelog

    Sourced from json5's changelog.

    Unreleased [code, diff]

    v2.2.3 [code, diff]

    v2.2.2 [code, diff]

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1 [code, diff]

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0 [code, diff]

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2 [code, diff]

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
  • 15

    Bump express from 4.17.1 to 4.18.2

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
  • 16

    Bump qs, body-parser and express

    Bumps qs, body-parser and express. These dependencies needed to be updated together. Updates qs from 6.10.1 to 6.11.0

    Changelog

    Sourced from qs's changelog.

    6.11.0

    • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
    • [readme] fix version badge

    6.10.5

    • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

    6.10.4

    • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
    • [meta] use npmignore to autogenerate an npmignore file
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

    6.10.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [actions] reuse common workflows
    • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

    6.10.2

    • [Fix] stringify: actually fix cyclic references (#426)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [actions] update codecov uploader
    • [actions] update workflows
    • [Tests] clean up stringify tests slightly
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape
    Commits
    • 56763c1 v6.11.0
    • ddd3e29 [readme] fix version badge
    • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
    • 95bc018 v6.10.5
    • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
    • ba9703c v6.10.4
    • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
    • 113b990 [Dev Deps] update object-inspect
    • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
    • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
    • Additional commits viewable in compare view

    Updates body-parser from 1.19.0 to 1.20.1

    Release notes

    Sourced from body-parser's releases.

    1.20.0

    1.19.2

    1.19.1

    Changelog

    Sourced from body-parser's changelog.

    1.20.1 / 2022-10-06

    1.20.0 / 2022-04-02

    1.19.2 / 2022-02-15

    1.19.1 / 2021-12-10

    Commits

    Updates express from 4.17.1 to 4.18.2

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
  • 17

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Popular Tag

Related