Autoprefixer is a valuable tool for web developers, automatically adding vendor prefixes to CSS rules, ensuring compatibility across different browsers. Examining versions 9.4.4 and 9.4.5 reveals subtle but important changes. Version 9.4.5, released on January 12, 2019, builds upon the previous stable version 9.4.4, released on January 3, 2019.
The key differences lie in the updated dependencies. Autoprefixer 9.4.5 integrates postcss version "^7.0.11", browserslist version "^4.4.0", and most notably, caniuse-lite version "^1.0.30000928". This is an evolution from version 9.4.4, which used postcss "^7.0.7", browserslist "^4.3.7", and caniuse-lite "^1.0.30000926". The bump in caniuse-lite is significant, this library informs Autoprefixer about the specific browser support for various CSS features. Updating it enhances Autoprefixer's ability to accurately determine which prefixes are needed, leading to more effective and relevant prefixing. The updated postcss and browserslist versions likely incorporate bug fixes, performance improvements, and potentially support for newer CSS syntax. Furthermore, the unpackedSize increased slightly from 323602 to 325577, and the fileCount also went up slightly from 75 to 76. This shows the minimal but significant updates to the package.
For developers, upgrading to Autoprefixer 9.4.5 means benefiting from the most up-to-date browser compatibility data, potentially reducing the risk of missing necessary prefixes and ensuring a more consistent user experience across different browsers.
All the vulnerabilities related to the version 9.4.5 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
