PostCSS Modules version 4.0.0 marks a significant update from its predecessor, version 3.2.2, primarily driven by its compatibility with newer versions of PostCSS itself. Notably, version 4.0.0 lists PostCSS as a peer dependency with a requirement of "^8.0.0," while version 3.2.2 directly included PostCSS as a dependency (version "^7.0.32"). This shift to a peer dependency model is crucial; it allows developers greater flexibility in managing their PostCSS versions, preventing potential conflicts when integrating PostCSS Modules with other PostCSS plugins within their projects.
Beyond PostCSS, several internal dependencies have been bumped to newer major versions. Specifically, postcss-modules-scope, postcss-modules-values, postcss-modules-extract-imports, and postcss-modules-local-by-default all jump from version 2.x or 3.x to version 4.0.0, indicating potentially breaking changes and new features within these core modules, which are responsible for scoping, value handling, import extraction, and local-by-default behavior respectively. This means that developers upgrading from v3 to v4 might need to adjust their configuration or code to accommodate these updated internal dependencies.
Furthermore, version 4.0.0 removes PostCSS from dependencies, lists it in peerDependencies, and raises the version used as a dev dependency to "^8.1.9", whereas version 3.2.2 uses "^7.0.32" for PostCSS and "^9.6.1" for autoprefixer. Lastly, the release dates are significantly different: version 4.0.0 was released on "2020-11-29T09:41:15.010Z", while version 3.2.2 was released on "2020-08-24T10:47:46.447Z". Together, these dependency updates and the overall architectural shift to peer dependencies make version 4.0.0 a considerable upgrade, potentially unlocking new capabilities for developers embracing the latest PostCSS ecosystem.
There are no vulnerabilities for version 4.0.0 of the postcss-modules package.