PostCSS version 8.3.11 is a patch release of the popular tool for transforming styles with JavaScript plugins, following closely after version 8.3.10. Both versions share the same core functionality, offering developers a robust platform for manipulating CSS using a wide array of plugins. Key dependencies like nanoid, picocolors, and source-map-js remain consistent between the two releases, indicating a focus on stability and compatibility.
The primary distinction lies in the dist metadata, specifically the unpackedSize and releaseDate. Version 8.3.11 has a slightly smaller unpacked size (172630 bytes) compared to 8.3.10 (172663 bytes), suggesting minor optimizations in the codebase. Crucially, the release date indicates that version 8.3.11 was published on October 21, 2021, while version 8.3.10 was released the previous day.
For developers, this update likely contains bug fixes, performance improvements, or small refinements that didn't warrant a major or minor version bump. While the core API and plugin ecosystem remain unchanged, upgrading to 8.3.11 is recommended to benefit from the latest improvements and ensure optimal performance within your CSS processing pipeline. Checking the changelog or release notes associated with PostCSS 8.3.11 would provide a complete understanding of the specific changes introduced and any potential impact on existing projects.
All the vulnerabilities related to the version 8.3.11 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
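The advisory above places every release before 8.4.31 in scope, so a project can carry an affected copy of PostCSS nested under another dependency even when its top-level copy is current. The following is an added example, not code from PostCSS or from this page: it walks a package-lock.json "packages" map for affected copies and flags untrusted CSS containing a bare carriage return. The function names, the sample lockfile and the example-linter package are assumptions made for illustration, and the carriage-return check is a conservative heuristic, not the fix shipped in 8.4.31.

```javascript
// Added example: names and the sample lockfile below are constructed for illustration.
const FIXED = [8, 4, 31]; // first release outside the affected range, per the advisory text

// Parse "major.minor.patch"; a prerelease tag sorts before its release (semver rule).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable version: fail closed and report it
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // e.g. 8.4.31-beta.1 precedes 8.4.31
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// report every installed copy of postcss, including nested ones.
function findAffectedPostcss(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/postcss$/.test(path)) continue;
    if (isAffected(meta.version || "")) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Input guard (heuristic, assumption of this example): true when the CSS
// holds a carriage return that is not part of a CRLF pair.
function hasBareCarriageReturn(css) {
  return /\r(?!\n)/.test(css);
}

// Constructed sample lockfile; "example-linter" is a hypothetical package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/postcss": { version: "8.4.31" },
    "node_modules/example-linter/node_modules/postcss": { version: "8.3.11" },
    "node_modules/postcss-selector-parser": { version: "6.0.13" },
  },
};
console.log(findAffectedPostcss(sampleLock));
console.log(hasBareCarriageReturn("@font-face{ font:(\r/*);}"));
```

In a real project, pass the parsed contents of package-lock.json to findAffectedPostcss and treat any hit as a reason to update the dependency that pins the old copy.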