Tailwind CSS version 1.1.0 introduces notable refinements over its predecessor, version 1.0.6, enhancing the developer experience and potentially expanding the framework's capabilities. Both versions maintain a similar core dependency structure, relying on essential packages like postcss, lodash, and autoprefixer for CSS processing and utility functions. The development dependency suite also remains largely consistent, employing tools like jest, eslint, and prettier for testing, code linting, and formatting.
The primary differences lie in the distribution details. Version 1.1.0 exhibits a larger unpacked size (3105744 bytes) compared to version 1.0.6 (2162581 bytes), indicating an increase in the codebase or included assets. This could translate to feature additions, expanded configuration options, or optimizations within the framework itself. The file count within the distributed tarball also increases from 137 to 140, which might mean more components, modules, or documentation updates. While the core set of dependencies does not show significant alterations, the increased size suggests added functionality or refinements. Finally, version 1.1.0 was released on August 6, 2019, a few days after the release of version 1.0.6 on August 1, 2019. Developers considering an upgrade should investigate the changelog for version 1.1.0 to understand the specific changes, bug fixes, and new features implemented.
All the vulnerabilities related to the version 1.1.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, these parts will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
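A defensive pre-filter for the case described above, as an added example that is not code from PostCSS or Tailwind CSS: it reports carriage returns in untrusted CSS and, when the PostCSS in use is older than 8.4.31, normalises line endings (CRLF, CR and FF to LF, as CSS Syntax preprocessing does) before the text reaches the linter. All function names are hypothetical, the sample input is constructed from the rule quoted in the advisory, and normalisation is assumed to be an acceptable stopgap until PostCSS is upgraded.

```javascript
// Added example: vet untrusted CSS before a PostCSS-based linter parses it.
const FIXED_IN = [8, 4, 31]; // first unaffected PostCSS release, per the advisory

// True when a plain "major.minor.patch" version is older than 8.4.31.
// Anything else (ranges, pre-release tags) is rejected rather than guessed at.
function isAffectedPostcss(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error('unrecognised version: ' + version);
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED_IN[i]) return parts[i] < FIXED_IN[i];
  }
  return false; // exactly 8.4.31
}

// Offsets of every carriage return (U+000D), including those inside CRLF pairs.
function findCarriageReturns(css) {
  const hits = [];
  for (let i = css.indexOf('\r'); i !== -1; i = css.indexOf('\r', i + 1)) {
    hits.push(i);
  }
  return hits;
}

// Line-ending normalisation from CSS Syntax preprocessing: CRLF, CR, FF -> LF.
function normalizeNewlines(css) {
  return css.replace(/\r\n|\r|\f/g, '\n');
}

// Returns the text to hand to the linter plus what was found in the input.
function prepareForLint(css, postcssVersion) {
  const carriageReturns = findCarriageReturns(css);
  const affected = isAffectedPostcss(postcssVersion);
  return {
    affected,
    carriageReturns,
    // Worth logging: untrusted input with CRs going into an affected parser.
    needsReview: affected && carriageReturns.length > 0,
    css: affected ? normalizeNewlines(css) : css,
  };
}

// Constructed sample: the rule quoted in the advisory, with a real CR character.
const sample = '@font-face{ font:(\r/*);}';
```

Call `prepareForLint(untrustedCss, installedPostcssVersion)` and lint the returned `css`; a `needsReview` result is a reasonable signal to log the source of the stylesheet.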