Autoprefixer is a tool for web developers that automatically adds vendor prefixes to CSS rules, ensuring cross-browser compatibility based on data from "Can I Use." Comparing versions 9.4.9 and 9.4.8 reveals subtle yet important differences for developers. Both versions rely on PostCSS, Browserslist, caniuse-lite, and other utilities. The key distinctions lie in dependency updates, specifically in the browserslist and caniuse-lite packages. Version 9.4.9 uses browserslist 4.4.2, a minor upgrade from the 4.4.1 used by 9.4.8, and caniuse-lite is updated from 1.0.30000938 to 1.0.30000939. Although seemingly minor, these upgrades translate to enhanced browser support detection and more accurate prefixing, which is crucial for staying current with the evolving web landscape and reduces the need for manual prefix management. The file size of version 9.4.9 increased marginally because it contains updated information for more accurate prefixing decisions. These updates are released frequently to deliver bug fixes and optimizations and, most importantly, to reflect the changes happening in browser releases, which means better web development and compatibility.
All the vulnerabilities related to the version 9.4.9 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, those parts are included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.