Autoprefixer version 9.4.4 represents a minor update over its predecessor, version 9.4.3, focusing primarily on dependency updates and refinements rather than introducing major new features. Both versions share the core functionality of parsing CSS and adding vendor prefixes automatically, leveraging data from the "Can I Use" website to ensure compatibility across different browsers.
A key difference lies in the updated dependencies. Version 9.4.4 incorporates postcss version ^7.0.7 and browserslist version ^4.3.7, and caniuse-lite at version ^1.0.30000926, whereas version 9.4.3 relies on postcss version ^7.0.6, browserslist version ^4.3.6, and caniuse-lite version ^1.0.30000921. These dependency bumps likely include bug fixes, performance improvements, and potentially updated browser support information within caniuse-lite. The updated browserslist and caniuse-lite ensures that Autoprefixer is using the most current data to determine which prefixes are required based on evolving browser support.
Another notable difference is the slight increase in the unpacked size, from 322961 bytes in 9.4.3 to 323602 bytes in 9.4.4, potentially due to the updated dependencies or minor code adjustments. Developers should upgrade to version 9.4.4 primarily to benefit from the improved dependency stability and potentially enhanced browser compatibility derived from the caniuse-lite data update. Given the minor nature of the changes, the upgrade should be seamless for most users, providing a more refined and up-to-date prefixing experience.
All the vulnerabilities related to the version 9.4.4 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
