Autoprefixer, a vital tool for web developers, automates the addition of vendor prefixes to CSS rules, ensuring compatibility across various web browsers. Comparing version 9.7.0 with the prior stable release, 9.6.5, reveals subtle yet significant updates. Both versions share the core functionality of parsing CSS and leveraging data from "Can I Use" to apply necessary prefixes. Key dependencies such as chalk, num2fraction, normalize-range, and postcss-value-parser remain consistent, indicating a stable foundation.
However, notable changes lie in updated dependency versions. postcss sees an upgrade from 7.0.18 to 7.0.19, and browserslist advances from 4.7.0 to 4.7.2, reflecting ongoing efforts to support newer browser versions and features. The caniuse-lite dependency, which provides the crucial browser compatibility data, jumps from version 1.0.30000999 to 1.0.30001004. This directly implies more up-to-date information on browser support, leading to more accurate and comprehensive prefixing.
Furthermore, the unpacked size of version 9.7.0 is slightly larger (336512 bytes) than 9.6.5 (335293 bytes), suggesting the inclusion of additional data or code optimizations. Finally, the release dates indicate that version 9.7.0 was published approximately ten days after 9.6.5, meaning developers benefit from a more recent snapshot of the ever-evolving browser landscape when using the newer version. These updates, while seemingly minor, contribute to a more robust and accurate prefixing process.
All the vulnerabilities related to the version 9.7.0 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, those parts are included in the PostCSS output as CSS nodes (rules, properties) despite originally being inside a comment.