Autoprefixer, a vital tool for web developers, automatically adds vendor prefixes to CSS rules, ensuring compatibility across different browsers by leveraging data from Can I Use. Comparing versions 9.4.6 and 9.4.5, several key differences emerge that would be of interest to developers. Version 9.4.6 updates its dependencies: it upgrades postcss from ^7.0.11 to ^7.0.13, browserslist from ^4.4.0 to ^4.4.1, and, significantly, caniuse-lite from ^1.0.30000928 to ^1.0.30000929. The caniuse-lite update in particular brings in the latest browser compatibility data, which directly influences the accuracy and effectiveness of the prefixing process. The unpacked size also increases very slightly.
Developers should note these dependency upgrades as they potentially introduce bug fixes, performance improvements, and support for newer CSS features and browser versions. While the core functionality of Autoprefixer remains consistent, these updates ensure developers are using the most current browser support information, making their stylesheets more robust and future-proof. Upgrading to version 9.4.6 offers peace of mind knowing that prefixing adheres to the latest browser landscape, minimizing compatibility issues and streamlining the development workflow, all while maintaining a very similar footprint to the previous version. Finally, version 9.4.6 was released on January 21, 2019, about nine days after version 9.4.5.
All the vulnerabilities related to the version 9.4.6 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, that content is included in the PostCSS output in CSS nodes (rules, properties) despite originally being inside a comment.
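To check a project against the advisory above, the following added example (not code from Autoprefixer, PostCSS or this page) scans a lockfile for installed postcss copies older than 8.4.31 and tests whether a caret range such as the ^7.0.13 declared by Autoprefixer 9.4.6 can ever resolve to a fixed release. The lockfile contents, the example-linter package and all function names are constructed for illustration.

```javascript
// Added example; SAMPLE_LOCK is constructed (package-lock.json v2/v3 "packages" layout).
const FIXED = "8.4.31"; // first fixed PostCSS release, per the advisory text above
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/autoprefixer": { version: "9.4.6", dependencies: { postcss: "^7.0.13" } },
    "node_modules/postcss": { version: "7.0.13" },
    "node_modules/example-linter/node_modules/postcss": { version: "8.4.31" },
    "node_modules/postcss-value-parser": { version: "3.3.1" },
  },
};

// "major.minor.patch" -> [major, minor, patch]; null for anything else (tags, git URLs).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Report every installed copy of postcss, including nested ones, with its status.
function findAffectedPostcss(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the postcss package itself, not postcss-* plugins or helpers.
    if (!/(^|\/)node_modules\/postcss$/.test(path)) continue;
    const v = parseVersion(meta.version);
    const status = !v ? "unknown" : lessThan(v, parseVersion(FIXED)) ? "affected" : "fixed";
    findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// ^X.Y.Z (X >= 1) admits >=X.Y.Z and <(X+1).0.0, so it can reach a release
// at or above FIXED only when X is at least FIXED's major version.
function caretAllowsFixed(range) {
  const base = parseVersion(range.slice(1));
  if (!range.startsWith("^") || !base || base[0] === 0) return null; // not handled here
  return base[0] >= parseVersion(FIXED)[0];
}

console.log(findAffectedPostcss(SAMPLE_LOCK));
console.log("^7.0.13 can resolve to a fixed postcss:", caretAllowsFixed("^7.0.13"));
```

Because ^7.0.13 stays within major version 7, reinstalling or refreshing the lockfile cannot select a fixed PostCSS release for this dependency; the dependent package's declared range has to change.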