Tailwind CSS version 1.1.1 is a minor patch release following closely on the heels of the 1.1.0 version. Both versions offer the same core functionality: a utility-first CSS framework designed for rapid UI development. Developers can leverage its pre-defined classes to quickly style their web applications without writing custom CSS in many cases. The dependencies remain identical between the two versions, including essential libraries like PostCSS for CSS transformations, Autoprefixer for vendor prefixing, and Lodash for JavaScript utilities. The development dependencies, crucial for building and testing the library itself, also remain consistent, featuring tools like Jest for testing, ESLint for code linting, and Prettier for code formatting.
The most notable difference lies in the distribution files. Version 1.1.1 has a slightly larger unpacked size (3,106,139 bytes) and a single extra file (141 files compared to 140) within the package compared to version 1.1.0 (3,105,744 bytes). This indicates a minor tweak, bug fix or small addition. Also the release date clearly shows version 1.1.1 was released 3 days after 1.1.0, indicating a quick-follow up release.
For developers using Tailwind CSS, the jump from 1.1.0 to 1.1.1 should be relatively seamless. Since it is a patch version, no breaking changes are expected, and it is recommended to update to the latest version to incorporate any potential bug fixes or minor improvements. Keep an eye on the official Tailwind CSS changelog for more detailed information on the specific changes included in this patch release.
All the vulnerabilities related to the version 1.1.1 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
