Autoprefixer is a valuable PostCSS plugin that automatically adds vendor prefixes to CSS rules, ensuring cross-browser compatibility and saving developers time and effort. Comparing versions 9.1.4 and 9.1.5 reveals subtle but potentially impactful differences for developers. Both versions share the same core functionality: parsing CSS and applying prefixes based on data from the "Can I Use" website. They also rely on shared dependencies like postcss, browserslist, caniuse-lite, num2fraction, normalize-range, and postcss-value-parser.
The key distinction lies in the removal of @babel/register as a dependency in version 9.1.5. This suggests a change in the build or testing process, potentially streamlining the package or addressing compatibility issues. Although the impact on end-users is likely minimal, developers who used @babel/register explicitly alongside Autoprefixer might need to adjust their workflows. The unpackedSize increased slightly between the versions.
Both versions maintain the MIT license and are authored by Andrey Sitnik. With caniuse-lite updated frequently to support new browser versions, Autoprefixer remains a dependable tool for modern web development, facilitating a smooth and consistent user experience across different browsers. Always check dependency updates to ensure compatibility with your project.
All the vulnerabilities related to version 9.1.5 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS so that it contains parts that PostCSS parses as a CSS comment. After processing by PostCSS, those parts are included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
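An added example, not code from PostCSS, Autoprefixer or this page: a JavaScript check that lists postcss copies older than the fixed 8.4.31 release in an npm lockfile and reports bare carriage returns in CSS received from outside. The lockfile contents, the demo-linter package name and the 7.0.2 version are constructed sample data, and \r in the advisory's sample is assumed to mean a literal carriage-return character.

```javascript
const FIXED = [8, 4, 31]; // fixed release named in the advisory text
// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when the version is older than 8.4.31.
function isAffected(version) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false;
}

// List every installed postcss copy older than the fix in an npm
// lockfile "packages" map (lockfileVersion 2 or 3), nested copies included.
function findAffectedPostcss(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPostcss = /(^|\/)node_modules\/postcss$/.test(path);
    if (isPostcss && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Offsets of each carriage return that is not part of a CRLF pair.
function findBareCarriageReturns(css) {
  const offsets = [];
  for (let i = 0; i < css.length; i++) {
    if (css[i] === "\r" && css[i + 1] !== "\n") offsets.push(i);
  }
  return offsets;
}

// Constructed sample data: versions other than 9.1.5 and 8.4.31 are made up.
const sampleLock = { packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/autoprefixer": { version: "9.1.5" },
  "node_modules/postcss": { version: "7.0.2" },
  "node_modules/demo-linter/node_modules/postcss": { version: "8.4.31" },
} };
// The advisory's sample rule, with \r taken to mean a literal CR (assumption).
const sampleCss = "@font-face{ font:(\r/*);}";
console.log(findAffectedPostcss(sampleLock), findBareCarriageReturns(sampleCss));
```

Run the lockfile check in CI and the carriage-return check on any stylesheet that arrives from outside the project before it reaches a linter.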