Tailwindcss version 0.7.4 introduces several key updates compared to the previous stable version 0.7.3, primarily focusing on dependency upgrades that can significantly impact a developer's workflow. The most notable changes are in the core CSS processing tools. PostCSS jumps from version 6.0.9 to 7.0.11 offering improved performance and potentially breaking changes that require developers to update their configurations if relying on older PostCSS plugins. Autoprefixer advances from 9.3.1 to 9.4.5, enhancing compatibility with newer CSS features across various browsers. Furthermore, PostCSS Nested moves from 3.0.0 to 4.1.1, possibly introducing new syntax for nested CSS rules and therefore better code organization. PostCSS Selector Parser sees a major upgrade from 3.1.1 to 5.0.0, suggesting substantial improvements in selector parsing capabilities.
These upgrades collectively refine Tailwindcss's core functionalities. The jump in version of PostCSS-JS ( 1.0.1 to 2.0.0) indicates improved handling of CSS with Javascript. The increased unpackedSize suggests that the package now includes more features, refined configurations, or improved documentation. Developers should be aware of these dependency updates when upgrading, ensuring their existing project setup aligns with the new versions to avoid potential compatibility issues. Overall, version 0.7.4 aims to provide a more stable and feature-rich environment for rapidly building custom user interfaces with Tailwindcss.
All the vulnerabilities related to the version 0.7.4 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
