Autoprefixer is a powerful PostCSS plugin that automatically adds vendor prefixes to CSS rules, ensuring compatibility across different browsers, based on data from Can I Use. Examining versions 9.2.0 and 9.1.5 reveals key updates beneficial for developers.
Version 9.2.0, released on October 14, 2018, builds upon the foundation of 9.1.5 (released September 4, 2018) with enhanced dependencies. Most notably, browserslist jumps from 4.1.0 to ^4.2.1 and caniuse-lite is updated from 1.0.30000884 to ^1.0.30000890. These updates mean improved browser support detection and more accurate prefixing, leading to better cross-browser compatibility and a more streamlined developer experience. postcss also receives an update, going from ^7.0.2 to ^7.0.5. Also, postcss-value-parser has been incremented to version ^3.3.1 from ^3.2.3.
The unpacked size of 9.2.0 (301432 bytes) is slightly larger than 9.1.5 (287796 bytes) implying that the new version introduces some new features or browser definitions, potentially related to the dependency updates.
Developers should upgrade to version 9.2.0 for the most up-to-date browser support and the most accurate automated prefixing, minimizing manual adjustments and ensuring a consistent user experience across different browsers. These package updates are relevant for all developers targeting a wide range of browsers where vendor prefixes are often required.
All the vulnerabilities related to the version 9.2.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
