Tailwind CSS version 1.2.0 represents an incremental update over the previous stable version 1.1.4, offering refinements and dependency upgrades that enhance the developer experience. Both versions share the same core mission: providing a utility-first CSS framework for rapidly building custom user interfaces.
Key changes primarily reside in updated dependencies. Version 1.2.0 updates chalk from version 2.4.1 to 3.0.0, lodash from 4.17.11 to 4.17.15, and adds detective which wasn't present in the previous version at 5.2.0. The jest version also went up from the 24th version to the 25th. These upgrades often bring performance improvements, bug fixes, and new features from those underlying libraries. Additionally, these upgrades provide better compatibility with newer Node.js versions and other tooling.
While the core functionality remains consistent, developers upgrading should be mindful of potential breaking changes introduced by the updated dependencies. For most users, the upgrade will be seamless and result in a more robust and efficient development workflow. The increased 'unpackedSize' can be attributed to the addition of this new dependency as well as internal growth and improvements within the core Tailwind CSS library itself. In summary, focus on upgrading to the new version because it comes with the last bug fixes from the previous dependencies.
All the vulnerabilities related to the version 1.2.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
