Node-fetch is a lightweight module designed to bring the window.fetch API, familiar to browser-based JavaScript developers, to Node.js and io.js environments. This allows developers to use the same intuitive API for making HTTP requests on both the client and server-side, promoting code reusability and simplifying cross-platform development. Version 1.3.2 builds upon the solid foundation of 1.3.1, primarily offering incremental improvements and bug fixes. Both versions share the same core dependencies, relying on the encoding package to handle character encoding, ensuring compatibility with various data formats. The developer dependencies, crucial for testing and development, remain consistent between the two versions, including tools like bluebird for promises, chai for assertions, istanbul for code coverage and mocha for running the tests. A new tool has been added for testing form-data.
The key distinction between version 1.3.2 and 1.3.1 lies in its refined stability and any potential underlying bug fixes addressed in the release. While the core functionality remains the same, users upgrading to 1.3.2 benefit from the latest patches and enhancements that contribute to a more reliable and predictable experience. For developers already using node-fetch, upgrading to 1.3.2 is generally recommended to leverage these improvements.
All the vulnerabilities related to the version 1.3.2 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
