PostCSS Selector Not is a valuable tool for web developers, providing a way to use the advanced :not() CSS pseudo-class, defined in CSS Level 4, while maintaining compatibility with older browsers that only support the CSS Level 3 version. This PostCSS plugin transforms the more complex Level 4 selectors into their Level 3 equivalents, ensuring consistent styling across different browser environments.
Comparing versions 4.0.0 and 4.0.1, the core functionality remains the same, both versions effectively transpile :not() selectors. However, version 4.0.1, released in December 2020, incorporates underlying improvements and potential bug fixes, reflected in the slight increase in unpacked size (6545 bytes compared to 6227 bytes in 4.0.0) and updated release date. Both versions share the same dependencies, relying on postcss (version 7.0.2 or higher) and balanced-match. Developers already using version 4.0.0 should consider upgrading to 4.0.1 to benefit from these refinements and ensure they have the most stable and up-to-date version. This package is licensed under the MIT license.
All the vulnerabilities related to the version 4.0.1 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
