Autoprefixer version 9.8.5 is a patch release, an iteration over the preceding stable version 9.8.4. Both versions share the same core functionality: parsing CSS and adding vendor prefixes to CSS rules, ensuring compatibility across different browsers based on data from the "Can I Use" website. This makes handling browser compatibility seamless for developers. They also share the same dependencies for core operations, including postcss, colorette, browserslist, num2fraction, normalize-range, and postcss-value-parser, ensuring a consistent development experience.
The primary difference lies in the caniuse-lite dependency, which is bumped from version 1.0.30001087 in 9.8.4 to 1.0.30001097 in 9.8.5. This means that version 9.8.5 incorporates the latest browser compatibility data from "Can I Use" at the time of its release. This increment reflects updated browser support information, meaning the newer version has a more accurate and comprehensive understanding of which prefixes are needed for modern browsers. As a result, developers using autoprefixer version 9.8.5 will benefit from the most up-to-date prefixing rules, leading to improved cross-browser compatibility and potentially fewer manual adjustments to their CSS. The unpacked size also slightly increased, from 348961 to 349115, reflecting the addition of browser support data. Finally, version 9.8.5 was released on 2020-07-11, about two weeks after the previous version, which was released on 2020-06-24.
All the vulnerabilities related to the version 9.8.5 of the package
PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts that PostCSS parses as a CSS comment. After processing by PostCSS, those parts are included in the PostCSS output in CSS nodes (rules, properties) despite originally being inside a comment.
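As an added example (not code from PostCSS, autoprefixer or the advisory), the following pre-lint gate checks whether a resolved postcss version is before 8.4.31 and whether an external stylesheet contains a carriage return outside a CRLF pair, the character involved in the discrepancy above. The function names, the sample stylesheet and the version string "7.0.32" are constructed for illustration, and treating a bare \r as grounds for rejection is an assumed compensating control; upgrading postcss is the fix.

```javascript
// Added example: a pre-lint gate for untrusted CSS. All names are hypothetical.
const FIXED = [8, 4, 31]; // first fixed PostCSS release, per the advisory text

// True when a resolved postcss version string is before 8.4.31.
// Simplification: prerelease/build suffixes are ignored in the comparison.
function isAffectedPostcss(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(version));
  if (!m) throw new TypeError(`not a semver version: ${version}`);
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false; // exactly 8.4.31
}

// Finds carriage returns that are not part of a CRLF pair and reports
// 1-based line/column positions (lines are counted on "\n").
function findBareCarriageReturns(css) {
  const hits = [];
  let line = 1;
  let lineStart = 0;
  for (let i = 0; i < css.length; i++) {
    if (css[i] === "\n") {
      line++;
      lineStart = i + 1;
    } else if (css[i] === "\r" && css[i + 1] !== "\n") {
      hits.push({ line, column: i - lineStart + 1, offset: i });
    }
  }
  return hits;
}

// Refuse to lint external CSS when the parser is affected AND the input
// carries a bare "\r"; otherwise let it through.
function gateExternalCss(css, postcssVersion) {
  const affected = isAffectedPostcss(postcssVersion);
  const bareCr = findBareCarriageReturns(css);
  return { affected, bareCr, accept: !(affected && bareCr.length > 0) };
}

// Constructed sample: the advisory's demonstration string, then a CRLF line.
const sample = "a{color:red}\n@font-face{ font:(\r/*);}\r\nb{color:blue}\n";
console.log(gateExternalCss(sample, "7.0.32"));
```

The version passed to `gateExternalCss` should be the one actually resolved in the lockfile for the linter's postcss dependency, not the range declared in package.json.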