Tailwind CSS version 1.5.0 introduces subtle yet impactful changes compared to its predecessor, version 1.4.6. Both versions share the same core dependencies, including essential tools like PostCSS, Autoprefixer, and Lodash, ensuring continued stability and compatibility for developers. However, a key difference lies in the chalk dependency within the dependencies object. Version 1.5.0 relaxes the version constraint for chalk to "^3.0.0 || ^4.0.0", offering broader compatibility with different chalk versions, while version 1.4.6 strictly depends on "chalk": "^4.0.0". These changes should be mostly transparent, meaning developers are unlikely to encounter major breaking changes, improving the developer experience when using Tailwind CSS in various environments and projects.
While the core functionality remains consistent, the differences in the package itself are more marked in the 'dist' object. Version 1.5.0 has fewer files: a fileCount of 168 compared to 1.4.6's 182. This, combined with a smaller unpackedSize of 6323234 bytes versus 7388658 bytes in 1.4.6, suggests that version 1.5.0 has been optimized for smaller size, potentially implying improvements in build times or reduced disk space usage. This makes the new version appealing to developers working in resource-constrained environments or those prioritizing faster deployments. Finally, version 1.5.0 was released on July 15, 2020, a couple of months after the release of version 1.4.6 on May 8, 2020.
All the vulnerabilities related to the version 1.5.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, that content is included in the PostCSS output as CSS nodes (rules, properties) despite originally being inside a comment.
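As an added example (not part of the advisory or of the PostCSS or Tailwind CSS projects), the following JavaScript walks the packages map of an npm lockfile and reports every installed postcss copy older than the fixed release 8.4.31 named above. The sample lockfile and its version numbers are constructed for illustration, and the function names are hypothetical.

```javascript
// Added example: flag postcss copies older than the fixed release (8.4.31).
const FIXED = [8, 4, 31];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version v sorts before the fixed release.
function isBeforeFix(v) {
  const p = parseVersion(v);
  if (!p) return true; // unparseable version: fail closed and report it
  for (let i = 0; i < 3; i++) {
    if (p.core[i] !== FIXED[i]) return p.core[i] < FIXED[i];
  }
  return p.pre; // a prerelease such as 8.4.31-rc.1 precedes 8.4.31
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3), whose keys
// are install paths, and return every postcss copy that predates the fix.
// Nested copies pulled in by other packages are included.
function findAffectedPostcss(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/postcss")) continue;
    if (isBeforeFix(String(meta.version))) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; the versions below are illustrative, not from the page.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/tailwindcss": { version: "1.5.0" },
    "node_modules/tailwindcss/node_modules/postcss": { version: "7.0.32" },
    "node_modules/postcss": { version: "8.4.31" },
    "node_modules/postcss-nested": { version: "4.2.3" },
    "node_modules/stylelint/node_modules/postcss": { version: "8.4.31-rc.1" },
  },
};

console.log(findAffectedPostcss(sampleLock));
```

In a real project, pass the parsed contents of package-lock.json instead of sampleLock; a non-empty result means at least one dependency still resolves to a postcss release before 8.4.31.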