Autoprefixer versions 9.1.0 and 9.0.2 are both tools used by developers to automatically add vendor prefixes to CSS rules, enhancing cross-browser compatibility based on data from the "Can I Use" website. Examining the metadata reveals subtle yet important distinctions. While the core purpose remains consistent, the key differences lie in the dependencies and release details.
Version 9.1.0, released on August 3, 2018, demonstrates an update to its caniuse-lite dependency, bumping it to version 1.0.30000872 compared to version 9.0.2's 1.0.30000865. This indicates an updated dataset for browser compatibility, crucial for keeping prefixes accurate and relevant. Furthermore, version 9.1.0 shows a minor increase in fileCount (74 vs. 73) and unpackedSize (319101 vs. 314823), potentially reflecting minor code enhancements, bug fixes or expanded data within the updated caniuse database.
For developers, upgrading to 9.1.0 represents an assurance of more current browser support prefixes. The common dependencies, such as postcss, browserslist, num2fraction, normalize-range and postcss-value-parser, are shared, suggesting a relatively smooth transition. Developers should prioritize the 9.1.0 version to leverage the latest browser compatibility data for more reliable and updated vendor prefixing, ensuring a better user experience across a wider range of browsers. The very slight increase in size is a negligible trade-off for improved browser support information.
All the vulnerabilities related to the version 9.1.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
