Autoprefixer version 9.4.10 is a minor update to the popular CSS prefixing tool, building upon the foundation laid by version 9.4.9. The core functionality remains consistent: parsing CSS and automatically adding vendor prefixes to ensure cross-browser compatibility. Developers familiar with Autoprefixer can expect a seamless transition, as the primary goal is to enhance existing capabilities rather than introduce radical changes.
The key difference lies in the updated caniuse-lite dependency. Version 9.4.10 utilizes caniuse-lite version ^1.0.30000940, while 9.4.9 relies on ^1.0.30000939. This dependency powers the library's knowledge of browser compatibility. This update means that autoprefixer version 9.4.10 has a more up-to-date knowledge of browser support for various CSS features. Developers benefit from improved prefixing accuracy, targeting a more precise set of browsers and avoiding unnecessary prefixes for features that are already widely supported. The unpacked size of the newer version is slightly larger (327422 vs 327016), hinting at more data for browser compatibility included in the newer caniuse-lite dependency. Keep your autoprefixer up to date to ensure the most accurate and efficient prefixing for optimal front-end development.
All the vulnerabilities related to the version 9.4.10 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
