PostCSS version 8.4.24 represents a subtle yet potentially important update over its predecessor, version 8.4.23. Both versions share the same core functionality as a tool for transforming styles with JS plugins, and maintain identical dependency requirements, leveraging nanoid, picocolors, and source-map-js. Key metadata like license, repository, author, and funding sources remain consistent, indicating no change in project governance or support.
The primary differences lie in the dist data and releaseDate. Version 8.4.24 was released on May 28, 2023, whereas 8.4.23 was released on April 19, 2023, meaning the newer version incorporates fixes and improvements accumulated over roughly a month. The unpacked size in 8.4.24 slightly decreases to 193541 from 193696 in 8.4.23.
For developers, this suggests a minor optimization or bug fix in the 8.4.24 release. If encountering issues with style transformations or source map generation in 8.4.23, upgrading to 8.4.24 is advisable. Given the consistency otherwise, the upgrade should be seamless and non-breaking, providing potentially better performance and stability. As a widely used tool in modern web development workflows, even minor updates to PostCSS can contribute to a smoother development experience. The small difference in unpacked size may also indicate a removal of some unnecessary files, contributing to a slightly leaner package.
All vulnerabilities affecting version 8.4.24 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, those parts will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.