Tailwind CSS version 1.8.4 represents a minor update over the previous stable version, 1.8.3, primarily focusing on bug fixes and potential performance improvements rather than introducing significant new features. Both versions share the same core set of dependencies, including crucial libraries like PostCSS for CSS processing, Lodash for utility functions, and Autoprefixer for ensuring cross-browser compatibility. The development dependencies also remain consistent, indicating a continued commitment to code quality through tools like ESLint for linting and Jest for testing.
A key area to consider is the dist section, where the file count and unpacked size show slight differences. Version 1.8.4 has 196 files and an unpacked size of 18867205 bytes, whereas version 1.8.3 has 195 files and 18865147 bytes unpacked. This suggests that the newer version includes a very small number of additional or modified files, potentially addressing reported issues or slightly optimizing parts of the framework. Developers upgrading should anticipate minimal impact on their existing configurations.
The release dates further highlight the recency of the update, with version 1.8.4 released just days after 1.8.3. Given the close proximity of these releases, the update is likely addressing critical but subtle fixes making it a worthwhile upgrade, especially for developers who encountered edge cases or minor issues in the previous version.
All the vulnerabilities related to the version 1.8.4 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
