Tailwind CSS version 1.7.4 is a minor update to the utility-first CSS framework, following closely on the heels of version 1.7.3. Both versions share the same core dependencies, ensuring a consistent experience for developers relying on packages like PostCSS, Autoprefixer, and Lodash. Key dependencies such as @fullhuman/postcss-purgecss remain at version 2.1.2, maintaining compatibility for developers utilizing PurgeCSS for optimizing their final CSS output by removing unused styles. The devDependencies also remain mostly the same, providing a stable set of tools for development, linting, and testing.
The most visible difference lies in the dist object. Version 1.7.4 features a fileCount of 187 and an unpackedSize of 14,893,840 bytes, slightly larger than version 1.7.3's 186 files and 14,875,720 bytes. This suggests minor additions or refinements within the package, potentially including updated documentation, configuration files, or code optimizations. While seemingly small, these changes can contribute to a more robust and refined developer experience. If you are using Tailwind CSS 1.7.3, updating is recommended, since 1.7.4 brings the latest fixes and improvements. The release date also highlights the recency of the update, published on August 26, 2020, giving developers access to the most up-to-date improvements.
All the vulnerabilities related to version 1.7.4 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, these parts are included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
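An added example, not code from Tailwind CSS or PostCSS: because the advisory above applies to PostCSS before 8.4.31, this script lists every postcss copy recorded in an npm lockfile (the "packages" map of lockfileVersion 2 or 3) that is below that version, including copies nested under tailwindcss. The sample lockfile, its versions, and the function names parseVersion, isBefore and findAffectedPostcss are constructed for illustration.

```javascript
// Added example: find every installed copy of postcss older than the fixed release.
const FIXED = "8.4.31"; // first fixed version, per the advisory text above

// Parse "major.minor.patch", ignoring any prerelease/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBefore(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  if (!x || !y) return true; // unparseable: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Walk the "packages" map of a lockfile (lockfileVersion 2 or 3) and return
// each postcss install path whose version is below FIXED, nested copies included.
function findAffectedPostcss(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/postcss$/.test(path)) continue;
    if (isBefore(info.version, FIXED)) hits.push({ path, version: info.version });
  }
  return hits;
}

// Constructed sample lockfile; paths and versions are illustrative only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/postcss": { version: "8.4.31" },
    "node_modules/tailwindcss": { version: "1.7.4" },
    "node_modules/tailwindcss/node_modules/postcss": { version: "7.0.32" },
    "node_modules/postcss-value-parser": { version: "4.1.0" },
  },
};

for (const hit of findAffectedPostcss(sampleLock)) {
  console.log(`${hit.path} @ ${hit.version} is before ${FIXED}`);
}
```

A top-level postcss at a fixed version does not cover a nested copy pinned by another package, which is why the walk matches every path ending in node_modules/postcss.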