The npm package css saw a notable update from version 2.0.0 to 2.1.0, refining its role as a CSS parser and stringifier. Dependency management underwent changes; in the updated version, source-map progressed from ~0.1.31 to ^0.1.38 and source-map-resolve moved from ~0.1.3 to ^0.3.0, suggesting enhancements in source map handling and potentially addressing related bugs or supporting newer source map specifications. urix remained relatively stable. Development dependencies also saw changes with specific version constraints being updated, reflecting evolving testing and development tool preferences.
The core functionality as a CSS parser and stringifier likely remained consistent, implying that existing code reliant on the package's core features would function largely unchanged. The updates primarily focused on stability and development infrastructure. For developers, this suggests enhanced reliability in source map processing, which is crucial for debugging and development workflows, particularly when dealing with minified or preprocessed CSS. Version 2.1.0 offers a modernized dependency set and potentially improves compatibility with current build processes that rely on robust source map support. Using version 2.1.0 offers benefits through improved dependency management and increased stability.
All the vulnerabilities related to the version 2.1.0 of the package
Out-of-bounds Read in atob
Versions of atob before 2.1.0 uninitialized Buffers when number is passed in input on Node.js 4.x and below.
Update to version 2.1.0 or later.
