Tailwind CSS version 1.3.5 introduces subtle yet impactful refinements over its predecessor, 1.3.4. Both remain powerful utility-first CSS frameworks designed for rapid UI development. Key dependencies generally remain consistent; however, developers should note a slight adjustment in the fs-extra dependency. Version 1.3.5 depends on version 8.0.0, while 1.3.4 depends on version 9.0.0. This could potentially affect projects relying on specific fs-extra functionalities. The core development dependencies related to testing, linting, and transpilation remain static between versions. Performance improvements are suggested by the slight modification in the unpacked size of the distribution package, with version 1.3.5 being marginally larger than 1.3.4. This might indicate minor additions or optimizations within the core library itself. The release timeline also shows a near two-day gap between the two versions, suggesting bug fixes or minor feature additions prompted the update. Developers using Tailwind CSS should carefully consider the fs-extra versions their projects rely on to ensure smooth transitions and compatibility. Otherwise, the upgrade represents a standard iteration within the Tailwind CSS ecosystem.
All the vulnerabilities related to version 1.3.5 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
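A defensive pre-lint check for the issue described above, as an added example that is not code from this page or from the PostCSS project: it flags untrusted CSS containing a carriage return outside a CRLF pair when the resolved PostCSS version is before 8.4.31, and also returns a copy normalized the way CSS Syntax preprocessing does (CRLF, CR and FF become LF). The helper names are hypothetical, the \r in the advisory's demonstration is assumed to denote a literal CR character, and the version strings used with it are constructed.

```javascript
// Added example: pre-lint gate for untrusted CSS. All helper names are hypothetical.
const FIXED_IN = [8, 4, 31]; // fix version taken from the advisory text

// True when a plain "major.minor.patch" version is before 8.4.31.
function isAffectedPostcss(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error('unsupported version string: ' + version);
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED_IN[i]) return parts[i] < FIXED_IN[i];
  }
  return false; // exactly the fixed release
}

// Locate every CR that is not part of a CRLF pair, as 1-based line/column.
// Lines are counted on LF only, matching what a CR-unaware tool would report.
function findBareCarriageReturns(css) {
  const hits = [];
  let line = 1;
  let column = 1;
  for (let i = 0; i < css.length; i++) {
    const ch = css[i];
    if (ch === '\r' && css[i + 1] !== '\n') hits.push({ index: i, line, column });
    if (ch === '\n') { line++; column = 1; } else { column++; }
  }
  return hits;
}

// CSS Syntax preprocessing step: CRLF, CR and FF each become a single LF.
function normalizeNewlines(css) {
  return css.replace(/\r\n|\r|\f/g, '\n');
}

// Decide what to do with one untrusted stylesheet before it reaches the linter.
function gateUntrustedCss(css, postcssVersion) {
  const bareCr = findBareCarriageReturns(css);
  const affected = isAffectedPostcss(postcssVersion);
  return {
    affected,                                  // parser predates the fix
    bareCr,                                    // where to look in the input
    reject: affected && bareCr.length > 0,     // do not lint this input as-is
    normalized: normalizeNewlines(css),        // unambiguous line endings
  };
}

// Constructed sample: a CRLF line, then the advisory's rule with \r as a real CR.
const SAMPLE = 'a{color:red}\r\n@font-face{ font:(\r/*);}\n';
```

The CRLF on the first line of the sample is not flagged; only the lone CR inside the parentheses is reported.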