The css package, a widely used CSS parser and stringifier in the JavaScript ecosystem, saw a notable update from version 2.2.4 to 3.0.0, released almost two years apart. Developers considering upgrading should be aware of the dependency changes. Version 3.0.0 updates the source-map-resolve dependency to ^0.6.0, a maintenance release, while version 2.2.4 uses ^0.5.2. The older version also depends on urix, a utility for URI manipulation, which has been removed entirely in version 3.0.0 reflecting a possible shift in how URI resolution is handled or its functionality being incorporated elsewhere.
The development dependencies also experience changes. The version of mocha was bumped dramatically from ^1.21.3 to ^8.0.1 indicating major testing framework improvements. Furthermore should was upgraded from version ^4.0.4 to ^13.2.3 bringing enhanced assertion capabilities. bytes, a utility for parsing byte sizes, moves from ^1.0.0 to ^3.1.0. The most recent package has unpacked size of 35471 bytes after the upgrade whereas the initial version has 35304 bytes. This means that even though the changesets are not massive, the newer package brings measurable improvements in at least some areas. Developers can leverage the newer css package for improved performance, updated dependencies and potentially better handling of source maps and byte operations within their CSS processing workflows.
The are not vulnerabilities for the version 3.0.0 of the package css
