Autoprefixer 10.4.8 is a minor version update following 10.4.7, both designed to parse CSS and automatically add vendor prefixes, ensuring cross-browser compatibility based on data from the "Can I Use" website. The core functionality remains consistent: processing CSS, leveraging postcss (peer dependency), and utilizing libraries like picocolors, fraction.js, normalize-range, and postcss-value-parser. Both versions are licensed under MIT and authored by Andrey Sitnik, with funding support via Open Collective and Tidelift.
The key differences lie in the dependency updates. Notably, autoprefixer 10.4.8 includes a newer version of browserslist (4.21.3, up from 4.20.3) and caniuse-lite (1.0.30001373, up from 1.0.30001335). These updates are crucial for developers as browserslist dictates which browsers Autoprefixer targets, and caniuse-lite provides the up-to-date browser compatibility data used for prefixing decisions. Therefore, upgrading to 10.4.8 ensures your CSS benefits from the latest browser support information and target selection logic, potentially removing unnecessary prefixes or adding prefixes for newer browser versions. The updated caniuse-lite also addresses potential security vulnerabilities and increases accuracy in prefixing. The negligible increase in unpacked size (44 bytes) suggests these updates are focused on data and logic enhancements rather than significant code additions. The release date difference confirms that 10.4.8 incorporates several months of accumulated browser support updates compared to 10.4.7.
The are not vulnerabilities for the version 10.4.8 of the package autoprefixer
