Autoprefixer is a powerful PostCSS plugin that automatically adds vendor prefixes to your CSS rules, ensuring cross-browser compatibility using data from Can I Use. Version 9.2.1, released on October 16, 2018, builds upon the previous stable version, 9.2.0, which was released just two days earlier on October 14, 2018. Both versions share the same core functionality, description, dependencies on key packages like postcss, browserslist, num2fraction, normalize-range, and postcss-value-parser, license, repository details, and author.
The primary difference between the two versions lies in the caniuse-lite dependency. Version 9.2.1 updates this dependency to ^1.0.30000892, while version 9.2.0 uses ^1.0.30000890. This indicates an update to the browser compatibility data source used by Autoprefixer. This seemingly small change means 9.2.1 has more up-to-date information on browser support for various CSS features, providing more accurate and comprehensive prefixing. Furthermore, the unpackedSize is slightly larger in version 9.2.1 (301475) compared to 9.2.0 (301432) probably due to the updated caniuse-lite content.
For developers, using Autoprefixer simplifies the process of writing CSS that works across different browsers. Updating to the latest version, like 9.2.1, ensures access to the most current browser compatibility data, leading to more accurate and effective vendor prefixing, and in the end, better compatibility. While seemingly minor, this update can save time and effort by automating the task of managing vendor prefixes manually.
All the vulnerabilities related to the version 9.2.1 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
