Adobe's css-tools library, a versatile CSS parser and stringifier, saw a minor version update from 4.0.1 to 4.0.2 in January 2023. Both versions keep the same core functionality for manipulating CSS, giving developers the tools to parse, analyze, and modify CSS stylesheets programmatically. Both are developed in TypeScript and have a test suite built with Jest.
A notable difference lies in the webpack-cli dependency: version 4.0.1 relies on webpack-cli 4.9.2, while 4.0.2 upgrades to 5.0.1. This could matter for developers who use webpack in their build processes, potentially introducing build optimizations or compatibility adjustments. The unpacked library is also slightly smaller in v4.0.2 (129820 bytes) than in v4.0.1 (130092 bytes), which likely indicates minor code optimizations or dependency adjustments. The core API remains consistent between versions, so developers already familiar with css-tools can transition to version 4.0.2 seamlessly. If you are not using webpack, this update is not expected to bring important changes. Webpack users should check compatibility in their projects before upgrading, to avoid unexpected build breakages.
All vulnerabilities related to version 4.0.2 of the package
@adobe/css-tools Regular Expression Denial of Service (ReDoS) while Parsing CSS
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
The issue has been resolved in 4.3.1.
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
@adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
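The issue has been resolved in 4.3.2. Because version 4.0.2 falls within both affected ranges listed here, 4.3.2 is the first release that resolves both issues.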