Autoprefixer 9.4.7 is a minor release of a crucial CSS post-processor, designed to automatically add vendor prefixes to CSS rules, ensuring compatibility across different browsers. Comparing it to the preceding version, 9.4.6, several key differences emerge. The most notable change lies within its dependencies. Autoprefixer 9.4.7 upgrades its postcss dependency from 7.0.13 to 7.0.14 and the caniuse-lite data, which informs prefixing decisions, goes from version 1.0.30000929 to 1.0.30000932. This indicates updates to supported browser versions and feature implementations requiring prefixes.
For developers, this means enhanced and more accurate vendor prefixing, reducing the need for manual intervention and improving cross-browser consistency. While seemingly small, the caniuse-lite update ensures that Autoprefixer is leveraging the latest browser compatibility data, providing the most up-to-date prefixing rules. The updated postcss dependency likely includes bug fixes and performance improvements, further stabilizing the post-processing workflow. The unpacked size of Autoprefixer 9.4.7 is marginally larger (326905 bytes) than 9.4.6 (325634 bytes), reflecting the additional data and potentially minor code changes within the dependency updates. Developers should always aim to use the latest version for optimal performance and browser support.
All vulnerabilities related to version 9.4.7 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, those parts are included in the PostCSS output as CSS nodes (rules, properties) despite originally being inside a comment.