PostCSS version 7.0.36 represents a minor update to the popular CSS transformation tool, building upon the solid foundation established in version 7.0.35. Both versions share the same core dependencies – Chalk for colored console output, source-map for debugging, and supports-color for terminal color detection – ensuring consistent functionality for developers. The license remains MIT, fostering open-source collaboration and widespread adoption. Andrey Sitnik continues as the author, reinforcing the established project leadership. The funding model via Open Collective stays consistent, indicating ongoing community support.
The key difference lies in the release date and the unpacked size of the package. Version 7.0.36 was released on June 11, 2021, significantly later than version 7.0.35 (September 28, 2020). While the file count remains constant at 35, the unpacked size has decreased slightly from 608254 bytes to 608026 bytes. This suggests potential optimizations in the code or asset structure in the newer version.
For developers, the update to 7.0.36 primarily signals a maintenance release or minor enhancement, possibly addressing bug fixes or performance improvements accumulated over the intervening months. While the API and core functionalities are likely unchanged, upgrading ensures access to the latest refinements and stability patches, benefiting users in the long run. Developers should therefore consider updating to version 7.0.36 and keep the version consistent across the build pipeline.
All vulnerabilities related to version 7.0.36 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, those parts will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
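A pre-parse screen for a linter that accepts untrusted CSS, written for this page as an added example and not taken from PostCSS: it checks whether the installed PostCSS version falls before 8.4.31 and flags carriage returns that are not part of a CRLF pair, the character behind the discrepancy above. The function names are hypothetical, and normalizing newlines before parsing is an assumed defence-in-depth step, not a replacement for upgrading.

```javascript
// Added example, not PostCSS code. The 8.4.31 bound and the "\r" trigger
// come from the advisory text; all function names here are hypothetical.
const FIXED_IN = [8, 4, 31];

// True when `version` is before 8.4.31. A pre-release of 8.4.31 itself
// (e.g. "8.4.31-rc.1") is conservatively treated as affected.
function isAffectedPostcss(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) throw new TypeError(`not a semver string: ${version}`);
  const parts = [m[1], m[2], m[3]].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED_IN[i]) return parts[i] < FIXED_IN[i];
  }
  return Boolean(m[4]);
}

// Offsets of every CR that is not immediately followed by LF.
function findBareCarriageReturns(css) {
  const offsets = [];
  for (let i = 0; i < css.length; i++) {
    if (css[i] === '\r' && css[i + 1] !== '\n') offsets.push(i);
  }
  return offsets;
}

// Assumed mitigation: fold CRLF and bare CR to LF so every later stage
// (parser, linter rules, serializer) sees the same line structure.
function normalizeNewlines(css) {
  return css.replace(/\r\n?/g, '\n');
}

// Combine both checks into one verdict a linter wrapper can log or act on.
function screenUntrustedCss(css, postcssVersion) {
  const bareCr = findBareCarriageReturns(css);
  const affectedParser = isAffectedPostcss(postcssVersion);
  return {
    affectedParser,
    bareCr,
    // Highest concern: trigger character present AND parser predates the fix.
    atRisk: affectedParser && bareCr.length > 0,
    normalized: normalizeNewlines(css),
  };
}

// The advisory's demonstration string, with \r as a real carriage return.
const SAMPLE = '@font-face{ font:(\r/*);}';
const verdict = screenUntrustedCss(SAMPLE, '7.0.36');
console.log(verdict.atRisk, verdict.bareCr);
```
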