Tailwind CSS version 1.8.6 represents a minor update from the previous stable release, version 1.8.5, continuing its evolution as a utility-first CSS framework designed for rapid UI development. Both versions share a common foundation, boasting identical dependencies such as bytes, chalk, color, lodash, and a suite of PostCSS related tools including autoprefixer, postcss-nested, and @fullhuman/postcss-purgecss. This signifies a consistent ecosystem of underlying libraries powering the framework's core functionalities for tasks like color manipulation, code parsing, and CSS processing.
While the dependency list remains unchanged, a key difference lies in the dist object. Version 1.8.6 features a slightly larger unpacked size of 18,868,878 bytes compared to 1.8.5's 18,868,103 bytes. This suggests that 1.8.6 include minor updates in source files or assets to address bugs, performance improvements, or even documentation enhancements. Developers should notice any performance gains if they were to use tailwindcss for huge projects. The difference in the versions means a release date of September 9, 2020, as opposed to September 7, 2020 for its predecessor . This minor update cycle showcases Tailwind CSS's commitment to continuous improvement, making it perfect for developers of any level, especially with bigger projects where performance means money.
All the vulnerabilities related to the version 1.8.6 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
