Tailwind CSS underwent a significant update from version 0.7.4 to 1.0.0, bringing several notable changes for developers. One key difference lies in the updated dependency management. Version 1.0.0 upgraded several core dependencies, including Lodash (from 4.17.5 to 4.17.11), fs-extra (from 4.0.2 to 8.0.0), and postcss-selector-parser (from 5.0.0 to 6.0.0). These upgrades introduce potential performance improvements and access to newer features within those libraries. Normalize.css was a new addition in version 1, aiding in cross-browser consistency. The developer dependencies also saw substantial changes. Version 1.0.0 uses newer versions of Babel and ESLint, and adopted a more streamlined Babel configuration by dropping specific stage presets in favor of @babel/preset-env. Prettier's configuration was more up-to-date in the newer version. The older 0.7.4 relied on older Babel presets like babel-preset-react, babel-preset-stage-2, and babel-preset-stage-3, indicating a shift towards a more modern JavaScript compilation pipeline in version 1.0.0. Overall, the jump to version 1.0.0 suggests improvements in build processes, potential performance gains thanks to dependency updates, and a modernized development environment.
All the vulnerabilities related to version 1.0.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, these parts will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.