Autoprefixer version 9.7.4 is a patch release building upon the 9.7.3 version of this popular CSS prefixer tool. Both versions share the same core functionality: parsing CSS and adding vendor prefixes automatically, based on data from the "Can I Use" website. This simplifies cross-browser compatibility by ensuring that your CSS works across different browsers and versions, saving developers significant time and effort. The tool is licensed under the MIT license, granting developers wide flexibility with its usage.
The key differences between versions 9.7.4 and 9.7.3 lie in their dependencies. Version 9.7.4 upgraded postcss from version 7.0.23 to 7.0.26, browserslist from 4.8.0 to 4.8.3, and caniuse-lite from 1.0.30001012 to 1.0.30001020. These updated dependencies likely bring bug fixes, performance improvements, and potentially support for newer browser versions or CSS features that are reflected in the Can I Use data. The slight increase in unpacked size from 340531 to 340554 in the newer version probably reflects the additional data or code within the updated dependencies.
For developers, this means upgrading to 9.7.4 ensures you have the latest browser compatibility data, potentially avoiding issues with newer CSS features. Updating postcss and browserslist can also bring performance and bug-fixing enhancements. Developers should upgrade to 9.7.4 for the most up-to-date and reliable prefixing experience, benefiting from the incremental improvements and ensuring best support for the latest web technologies.
All the vulnerabilities related to the version 9.7.4 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
