Jest-fetch-mock, a utility designed to facilitate testing JavaScript code that relies on the fetch API within the Jest testing framework, saw a notable update moving from version 1.2.1 to 1.3.0. While both versions serve the core purpose of mocking fetch requests, a significant change lies in their dependencies. Version 1.2.1 relied on the whatwg-fetch package to provide the fetch implementation, while version 1.3.0 switched to isomorphic-fetch.
This dependency shift is crucial for developers because isomorphic-fetch provides a more comprehensive and robust fetch implementation that is compatible with both client-side (browser) and server-side (Node.js) environments. This is particularly beneficial for developers working on projects that utilize server-side rendering or universal JavaScript, as it ensures consistent behavior across different environments. The update also incorporates some general improvements.
For developers already using jest-fetch-mock, the upgrade to 1.3.0 is advisable to leverage the improved fetch implementation and broader environment compatibility. The MIT license remains consistent between both versions, providing developers with the freedom to use, modify, and distribute the library. The tarball URLs provide quick access to download the distributions for each version directly from the npm registry.
All vulnerabilities related to version 1.3.0 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, and cookie2 when redirecting to an untrusted site.
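A defensive sketch of the check this advisory calls for, added here as an example and not taken from node-fetch, isomorphic-fetch or jest-fetch-mock: redirects are followed by hand and the four headers named above are dropped whenever a hop leaves the current origin. The function names, the injectable fetchImpl parameter, the example.test / example.net hosts and the strict same-origin rule are assumptions made for illustration.

```javascript
// Headers named in the advisory; header names are case-insensitive.
const SENSITIVE = ['authorization', 'www-authenticate', 'cookie', 'cookie2'];

// Decide what a redirected request may carry.
// Assumption: any origin (scheme + host + port) other than the one the
// previous request went to counts as untrusted.
function headersForRedirect(fromUrl, location, headers) {
  const from = new URL(fromUrl);
  const to = new URL(location, from); // Location may be relative
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    const sensitive = SENSITIVE.includes(name.toLowerCase());
    if (to.origin === from.origin || !sensitive) kept[name] = value;
  }
  return { url: to.href, headers: kept };
}

// Follow redirects by hand so every hop goes through the filter.
// fetchImpl is injectable so a stub can stand in for the network.
// Written for Node.js, where redirect: 'manual' exposes the 3xx response.
async function fetchWithSafeRedirects(url, headers, fetchImpl = globalThis.fetch, maxHops = 5) {
  let next = { url, headers };
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetchImpl(next.url, { headers: next.headers, redirect: 'manual' });
    const location = res.headers.get('location');
    if (res.status < 300 || res.status >= 400 || !location) return res;
    next = headersForRedirect(next.url, location, next.headers);
  }
  throw new Error('too many redirects');
}

// Constructed sample: a credentialed request redirected to another host.
const sample = headersForRedirect(
  'https://api.example.test/v1/me',
  'https://files.example.net/export',
  { Authorization: 'Bearer constructed-token', Cookie: 'sid=constructed', Accept: 'application/json' }
);
console.log(sample); // only Accept survives the cross-origin hop
```

Once a hop has stripped the credentials they stay stripped, so a later redirect back to the original origin does not restore them.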