PostCSS version 8.4.26 represents a minor update to the widely used CSS transformation tool, building upon version 8.4.25. Both versions share the same core dependencies, including nanoid for generating unique IDs, picocolors for enhanced console output, and source-map-js for source map handling, ensuring continued compatibility and stability. Key aspects like the MIT license, repository details, author information (Andrey Sitnik), and funding avenues remain consistent, reflecting the project's commitment to open-source principles and sustainable development.
The primary difference lies in the release date and potentially subtle internal improvements. Version 8.4.26 was released on July 13, 2023, while version 8.4.25 was released on July 6, 2023. This one-week gap suggests bug fixes, performance enhancements, or minor feature additions. While the file count remains the same at 55, there's a slight difference in unpackedSize, with v8.4.25 occupying 195349 bytes and the newer v8.4.26 using 195300 bytes. This suggests some internal changes that resulted in a small size optimization for the latter version.
For developers, these incremental updates in PostCSS are crucial for maintaining optimal performance and taking advantage of the latest refinements without introducing breaking changes. Upgrading from 8.4.25 to 8.4.26 should be a seamless experience, offering potential benefits in efficiency and stability. As always, reviewing the official release notes (typically available on the PostCSS GitHub repository) is recommended for a detailed understanding of the specific changes included in this minor revision.
All the vulnerabilities related to the version 8.4.26 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS so that it contains parts that PostCSS parses as a CSS comment. After processing by PostCSS, these parts are included in the PostCSS output in CSS nodes (rules, properties) despite originally being included in a comment.
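A defender-side check for the advisory above, as an added example that is not part of the original page or of PostCSS itself: it lists affected postcss copies in a lockfile and flags bare carriage returns in untrusted CSS before it reaches a linter. The lockfile contents, the package name css-tool, and the carriage-return screen are assumptions of this example.

```javascript
// Added example. The lockfile and CSS samples are constructed for illustration.
const FIXED = [8, 4, 31]; // per the advisory: affects PostCSS before 8.4.31

// True when `version` sorts before 8.4.31; a pre-release of 8.4.31 counts as affected.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.*)?$/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  const v = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return m[4] !== undefined;
}

// Every installed copy of postcss (nested ones included) that is affected.
// Reads the "packages" map of a lockfileVersion 2 or 3 package-lock.json.
function findAffectedPostcss(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/postcss$/.test(path)) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Heuristic (an assumption of this example): offsets of carriage returns that
// are not part of a CRLF pair, so a linter pipeline can reject or review them.
function bareCarriageReturns(css) {
  const offsets = [];
  for (let i = 0; i < css.length; i++) {
    if (css[i] === "\r" && css[i + 1] !== "\n") offsets.push(i);
  }
  return offsets;
}

const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/postcss": { version: "8.4.26" },
    "node_modules/postcss-loader": { version: "7.3.3" },
    "node_modules/css-tool/node_modules/postcss": { version: "8.4.31" },
  },
};
const sampleCss = "@font-face{ font:(\r/*);}"; // the advisory's sample, with a real CR

console.log(findAffectedPostcss(sampleLock));
console.log(bareCarriageReturns(sampleCss));
```

In a real project, pass the parsed contents of package-lock.json to findAffectedPostcss; upgrading to 8.4.31 or later is the fix, and the carriage-return screen is only a stopgap for pipelines that cannot upgrade yet.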