Autoprefixer 9.0.0 represents an iteration over version 8.6.5, both designed to automatically add vendor prefixes to CSS rules, ensuring compatibility across different web browsers by leveraging data from the "Can I Use" website. The core functionality remains consistent: parsing CSS and applying necessary prefixes based on browser support.
However, key differences lie in the updated dependencies. Version 9.0.0 upgrades postcss to ^7.0.0 and browserslist to ^4.0.1. Version 8.6.5 uses postcss ^6.0.23 and browserslist ^3.2.8.
A notable update is the caniuse-lite dependency, moving from version 1.0.30000864 in 8.6.5 to ^1.0.30000865 in 9.0.0. This seemingly small version bump translates to updated browser support data, crucial for Autoprefixer's accuracy in applying prefixes. Developers benefit from the most current understanding of browser compatibility, reducing the risk of missing necessary prefixes or including obsolete ones.
Furthermore, the unpacked size is reduced from 340824 to 311370, pointing to an improved and streamlined package. The release date and file count also show a recent update.
For developers, upgrading to 9.0.0 provides the advantage of the latest browser support data, updated tooling via PostCSS, an improved browserslist and a streamlined library, without sacrificing the core functionality of automatic vendor prefixing, which enhances cross-browser compatibility. The more recent release date suggests ongoing maintenance and responsiveness to the evolving web landscape.
All the vulnerabilities related to the version 9.0.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, these parts will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.