Css-loader version 3.2.1 represents a modest update over its predecessor, version 3.2.0, offering refinements and dependency upgrades. Developers should note the postcss dependency jumps from version 7.0.17 to 7.0.23, potentially incorporating bug fixes or minor feature enhancements within PostCSS itself. The postcss-modules-scope dependency sees a minor version bump from 2.1.0 to 2.1.1, indicating possible tweaks to CSS module scoping behavior. Also impacting CSS processing is the postcss-value-parser, which updates from 4.0.0 to 4.0.2, suggesting improvements in value parsing accuracy.
A significant update occurs in schema-utils, moving from version 2.0.0 to 2.6.0, likely bringing enhanced schema validation capabilities. As for the tooling updates, several dev dependencies received updates: "@babel/cli", "@babel/core", "@babel/preset-env", eslint, file-loader, jest, lint-staged, sass, sass-loader, strip-ansi, url-loader, webpack. These updates ensure code compatibility and testing. The release date difference showcases the ongoing maintenance and improvements to the tool.
Generally, the 3.2.1 update seems to consolidate existing functionalities, potentially addressing minor irritations and edge cases identified in version 3.2.0, offering a slightly more polished experience for webpack users processing CSS. Most migrations should be smooth, keeping in mind the changes to the dependencies mentioned.
All the vulnerabilities related to the version 3.2.1 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, these parts will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
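A defensive pre-processing step for a linter that accepts untrusted CSS, as an added example that is not code from PostCSS or css-loader: it flags PostCSS versions before 8.4.31 and rewrites CRLF and lone carriage returns to LF so the parser never sees a \r. The helper names are hypothetical, the sample input is the string quoted in the advisory, and the normalization is an assumed stop-gap, not a replacement for upgrading PostCSS.

```javascript
// Added example: helper names are hypothetical, not PostCSS APIs.
const FIXED = [8, 4, 31]; // advisory: affected "before 8.4.31"

// True when a resolved PostCSS version is before 8.4.31.
// Unparseable versions and pre-releases of 8.4.31 count as affected (fail closed).
function isAffectedPostcss(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return m[4] !== undefined;
}

// Rewrite CRLF and lone CR to LF, recording where each lone CR was found.
// Line numbers are 1-based and count CRLF, LF and lone CR as one break each.
function normalizeNewlines(css) {
  const loneCr = [];
  let out = '';
  let line = 1;
  for (let i = 0; i < css.length; i++) {
    const c = css[i];
    if (c === '\r') {
      if (css[i + 1] === '\n') i++;            // CRLF: consume the LF too
      else loneCr.push({ offset: i, line });   // lone CR: worth logging
      out += '\n';
      line++;
    } else {
      if (c === '\n') line++;
      out += c;
    }
  }
  return { css: out, loneCr };
}

// Prepare untrusted CSS before handing it to a PostCSS-based linter.
function prepareForLint(css, postcssVersion) {
  const { css: clean, loneCr } = normalizeNewlines(css);
  return { css: clean, loneCr, mustUpgrade: isAffectedPostcss(postcssVersion) };
}

// The string from the advisory, with \r as a real carriage return.
const SAMPLE = '@font-face{ font:(\r/*);}';
console.log(prepareForLint(SAMPLE, '7.0.23'));
```

Logging the lone-CR positions gives reviewers a signal that a submitted stylesheet contained the unusual line ending before it was normalized.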