PostCSS Prefix Selector, a utility for prepending a selector to all CSS rules, saw a notable update between versions 1.7.2 and 1.8.0. Both versions share the core functionality of prefixing CSS rules and maintain a dependency on PostCSS version 7.0.0 or higher, ensuring compatibility with a wide range of PostCSS-based workflows. The license remains MIT in both versions, offering flexibility for integration into various projects.
The key differences between the versions lie primarily in the development dependencies and release timing. Version 1.8.0, released in March 2021, features updated development tools, including husky for Git hooks, mocha for testing, istanbul for code coverage, prettier for code formatting, and lint-staged for running linters on staged files. Specifically, husky was bumped from version 2.0.0 to version 4.0.2, mocha from 6.1.0 to ~7.2.0, prettier updated from 1.11.1 to ^2.0.0, and lint-staged upgraded from 8.0.0 to ^10.0.3. These upgrades likely reflect improvements in the development workflow, code quality checks, and formatting consistency. The unpacked size has increased slightly from 8227 to 8746 which may suggest a minor added features or code changes.
For developers considering PostCSS Prefix Selector, the upgrade to version 1.8.0 brings the benefit of a more modern and streamlined development environment for contributing to the library. The core functionality remains the same, so the choice between the two versions depends on whether the developer prioritizes the latest development toolchain features. The releaseDate and the updated dependencies points that 1.8.0 is actively mantained and updated compared to 1.7.2.
All the vulnerabilities related to the version 1.8.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
