Tailwind CSS version 1.4.3 is a minor patch release following closely on the heels of version 1.4.2, both adhering to the utility-first CSS framework philosophy designed for rapid UI development. A key consistency between the two versions lies in their core dependencies, encompassing essential packages like PostCSS, Autoprefixer, and various utilities for color manipulation, string handling, and file system operations. Both versions rely on the same versions of their dependencies. Developers already familiar with Tailwind CSS 1.4.2 will find a seamless transition to 1.4.3, as the fundamental API and core functionalities remain identical. However, under the hood, there might be changes in build process or very small bug fixes. A significant point to note is a small increase in the unpacked size of the package, with version 1.4.3 being slightly larger. Developers should update to the newest version to avoid possible issues already fixed. This eliminates any need for extensive code modifications or retraining, allowing for efficient updates and preventing problems to appear. Staying current ensures access to the most refined and stable iteration of this versatile CSS framework.
All the vulnerabilities related to the version 1.4.3 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
