Skip to content

chore(deps): bump style-dictionary from 3.9.2 to 5.4.0#579

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/style-dictionary-5.4.0
Open

chore(deps): bump style-dictionary from 3.9.2 to 5.4.0#579
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/style-dictionary-5.4.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026
edited
Loading

Bumps style-dictionary from 3.9.2 to 5.4.0.

Release notes

Sourced from style-dictionary's releases.

v5.4.0

Minor Changes

  • edceda7: Add support for DTCG v2025.10 dimension token type object value, while remaining backwards compatible for dimension tokens using string values.

    All built-in transforms can now handle dimension tokens.

    This includes CSS shorthand transforms for composed token types such as typography, border and shadows, which can contain properties that are dimensions.

    {
  "spacing": {
    "$type": "dimension",
    "$value": { "value": 1, "unit": "px" }
  },
  "shadow": {
    "$type": "shadow",
    "$value": {
      "color": { "colorSpace": "srgb", "components": [0, 0, 0], "alpha": 0.4 },
      "offsetX": { "value": 2, "unit": "px" },
      "offsetY": { "value": 2, "unit": "px" },
      "blur": { "value": 4, "unit": "px" },
      "spread": { "value": 6, "unit": "px" }
    }
  }
}

  • 3d5c140: Generate strict types (tuples) for the tokens of the same type

Patch Changes

  • edceda7: Fix very old bug where size/remToPt wasn't converting to pt unit, but rather to f (iOS float). Fixed this, added size/remToFloat to use the old behavior, and updated the ios transformGroup to use this instead. This is technically potentially "breaking" but because it is a bugfix, this is a patch.

v5.3.3

Patch Changes

  • 52817e1: Fix vulnerability in bundled version of glob -> minimatch.

v5.3.2

Patch Changes

  • a7986d2: Support DTCG inset boolean property in shadow/css/shorthand transform, in addition to the existing type: "inset" format. Don't put invalid inset values in shadow/css/shorthand box-shadow values, they are ignored now. E.g. if you put type: "innerShadow" or some other unrecognized string.

v5.3.1

Patch Changes

  • 9f51f0d: Fix shadow and border CSS shorthands to also support latest DTCG color module. Add platform options to configure how the shorthand transforms stringify the color property.

... (truncated)

Changelog

Sourced from style-dictionary's changelog.

5.4.0

Minor Changes

  • edceda7: Add support for DTCG v2025.10 dimension token type object value, while remaining backwards compatible for dimension tokens using string values.

    All built-in transforms can now handle dimension tokens.

    This includes CSS shorthand transforms for composed token types such as typography, border and shadows, which can contain properties that are dimensions.

    {
  "spacing": {
    "$type": "dimension",
    "$value": { "value": 1, "unit": "px" }
  },
  "shadow": {
    "$type": "shadow",
    "$value": {
      "color": { "colorSpace": "srgb", "components": [0, 0, 0], "alpha": 0.4 },
      "offsetX": { "value": 2, "unit": "px" },
      "offsetY": { "value": 2, "unit": "px" },
      "blur": { "value": 4, "unit": "px" },
      "spread": { "value": 6, "unit": "px" }
    }
  }
}

  • 3d5c140: Generate strict types (tuples) for the tokens of the same type

Patch Changes

  • edceda7: Fix very old bug where size/remToPt wasn't converting to pt unit, but rather to f (iOS float). Fixed this, added size/remToFloat to use the old behavior, and updated the ios transformGroup to use this instead. This is technically potentially "breaking" but because it is a bugfix, this is a patch.

5.3.3

Patch Changes

  • 52817e1: Fix vulnerability in bundled version of glob -> minimatch.

5.3.2

Patch Changes

  • a7986d2: Support DTCG inset boolean property in shadow/css/shorthand transform, in addition to the existing type: "inset" format. Don't put invalid inset values in shadow/css/shorthand box-shadow values, they are ignored now. E.g. if you put type: "innerShadow" or some other unrecognized string.

5.3.1

... (truncated)

Commits
  • b13b9c7 chore: release (#1663)
  • 3d5c140 feat: generate stricter types for the tokens of the same type (#1659)
  • edceda7 [REBASED + SQUASHED] feat: update functionality for size transformers to matc...
  • a866bf9 docs: fix documentation for size/remToPt transformer (#1589)
  • ebc32ff chore(deps): bump devalue from 5.6.3 to 5.6.4 (#1657)
  • a2f8f50 chore(deps-dev): bump dompurify from 3.3.1 to 3.3.3 (#1656)
  • c7eddec chore: fix dev deps vulnerabilities, remove unused (#1655)
  • abec19a chore: release (#1652)
  • 52817e1 fix: vulnerability minimatch in bundled glob, and some devdeps (#1651)
  • 8c51ed2 chore: release (#1644)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for style-dictionary since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 15, 2026 05:11
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 15, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 15, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedstyle-dictionary@​3.9.2 ⏵ 5.4.099 +110010092100

View full report

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/style-dictionary-5.4.0 branch from d30e61a to e789f7d Compare April 24, 2026 12:00
@dependabot
chore(deps): bump style-dictionary from 3.9.2 to 5.4.0
e7c3017 
Bumps [style-dictionary](https://github.com/style-dictionary/style-dictionary) from 3.9.2 to 5.4.0.
- [Release notes](https://github.com/style-dictionary/style-dictionary/releases)
- [Changelog](https://github.com/style-dictionary/style-dictionary/blob/main/CHANGELOG.md)
- [Commits](style-dictionary/style-dictionary@v3.9.2...v5.4.0)

---
updated-dependencies:
- dependency-name: style-dictionary
  dependency-version: 5.4.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/style-dictionary-5.4.0 branch from e789f7d to e7c3017 Compare April 28, 2026 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants