Autoprefixer is a crucial tool for web developers, automatically adding vendor prefixes to CSS rules, ensuring compatibility across different browsers and streamlining the development process. Examining versions 9.1.0 and 9.1.1 reveals subtle but important distinctions. The headline difference lies in dependency updates. Version 9.1.1 upgraded its browserslist dependency from version 4.0.1 to 4.0.2, and the caniuse-lite dependency from version 1.0.30000872 to 1.0.30000876. These updates directly impact the range of browser versions and CSS features that Autoprefixer considers when adding prefixes. Developers should note that browserslist influences how Autoprefixer targets specific browsers, while caniuse-lite provides the underlying data about browser support for various CSS properties.
These dependency bumps signal improvements in browser support detection and potentially, more accurate or up-to-date prefixing. Additionally, unpacking sizes shows a slight increase from 319101 to 324179, hinting at minor code additions or data updates within the package. While the postcss and postcss-value-parserdependencies remain the same, indicating no core architectural changes, the browserslist and caniuse-lite updates suggest that version 9.1.1 provides an enriched and more current browser compatibility experience. For developers, upgrading to 9.1.1 ensures the best vendor prefix targeting. The date of release shows that the newer version was published about ten days after the previous stable version.
All the vulnerabilities related to the version 9.1.1 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
