Clean-css offers developers a robust solution for CSS minification, as seen through the updates between versions 3.4.27 and 3.4.28. Both versions maintain the same core dependencies, relying on commander for command-line interface handling and source-map for debugging assistance. Similarly, the development dependencies remain consistent, indicating a stable build and testing environment with tools like browserify, jshint, nock, uglify-js, and vows. This suggests that the development workflow and quality assurance processes are largely unchanged.
The key difference between the two versions lies in the release date. Version 3.4.28 was published on July 14, 2017, following the release of version 3.4.27 on June 9, 2017. While the package metadata doesn't detail the specific code changes or bug fixes included in the newer release, the updated release date implies that version 3.4.28 likely contains improvements or patches addressing issues discovered after the previous version.
For developers using clean-css, this information suggests a stable and consistently maintained library suitable for optimizing CSS files. When choosing between these specific versions, opting for 3.4.28 is generally advisable, as it likely incorporates the latest refinements and bug fixes available at that time, ensuring a slightly more polished and reliable minification process. Both versions predate 4.1.11, so the ReDoS advisory listed below applies to either. Always consult the project's changelog or release notes on the GitHub repository for a comprehensive understanding of the changes introduced in each version.
Vulnerabilities affecting version 3.4.28 of the package
Regular Expression Denial of Service in clean-css
Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.
Upgrade to version 4.1.11 or higher.
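clean-css is often pulled in transitively by build tools, so the upgrade advice is easier to act on once every installed copy is located. The following is an added example, not code from this page or from the clean-css project: it scans a parsed package-lock.json object for clean-css entries older than 4.1.11. The function names and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: flag clean-css installs below the fixed release in the advisory.
const FIXED = [4, 1, 11]; // from the advisory: upgrade to 4.1.11 or higher

// True when `version` is older than FIXED. A prerelease of FIXED (4.1.11-beta)
// and anything unparseable (git URL, tag) also return true so they get reviewed.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Collect every clean-css copy recorded in a parsed package-lock.json object.
function findCleanCss(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/clean-css' || path.endsWith('/node_modules/clean-css')) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // since v2 lockfiles carry both and would be counted twice).
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'clean-css') hits.push({ path: here.join(' > '), version: info.version });
      walk(info.dependencies, here);
    }
  })(lock.packages ? null : lock.dependencies, []);
  return hits.map((h) => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample lockfile; "demo-app" and "legacy-build-tool" are hypothetical.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/clean-css': { version: '4.2.3' },
    'node_modules/legacy-build-tool/node_modules/clean-css': { version: '3.4.28' },
  },
};

console.log(findCleanCss(sampleLock));
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json to `findCleanCss` and review every entry reported with `vulnerable: true`.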