Node-fetch, a lightweight module bringing the window.fetch API to Node.js, saw a minor version bump from 1.6.2 to 1.6.3. Both versions share the same core purpose: providing a familiar, promise-based interface for making HTTP requests in a Node.js environment. Key dependencies like encoding and is-stream remain consistent between the two versions, ensuring compatibility with common stream and encoding handling needs.
The primary difference lies in the devDependencies. While most are identical, the form-data dependency changed. Version 1.6.2 relied on ^1.0.0-rc1 (a release candidate), while the newer version depends on ">=1.0.0". This indicates a shift toward stable versions of form-data. This subtle update likely addresses bug fixes or feature enhancements within the form-data package, improving its utility for handling form submissions. Developers should be aware of this indirect dependency update when migrating between versions.
Furthermore, a two-day gap exists between the release dates, with version 1.6.3 surfacing on September 26, 2016, following the release of version 1.6.2. This suggests a quick follow-up release, potentially incorporating important fixes or minor adjustments discovered shortly after the initial release. For developers adding the node-fetch library to Node.js projects that use form data submissions, the 1.6.3 version represents a potentially more stable default thanks to the newer dependency.
All the vulnerabilities related to the version 1.6.3 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, and cookie2 when redirecting to an untrusted site.
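For callers that follow redirects themselves, the header handling that avoids this leak can be sketched as below. This is an added example, not node-fetch's own code: the helper name headersForRedirect is hypothetical, the same-origin comparison is an assumption chosen here as the trust boundary, and the URLs and credentials are constructed samples.

```javascript
// Header names listed in the advisory text above (compared case-insensitively).
const SENSITIVE = new Set(['authorization', 'www-authenticate', 'cookie', 'cookie2']);

// Hypothetical helper (not part of node-fetch): given the URL that answered
// with a redirect, its Location value, and the headers of the original
// request, return the target URL and the headers safe to send to it.
function headersForRedirect(fromUrl, location, headers) {
  const from = new URL(fromUrl);
  const to = new URL(location, from); // Location may be relative
  // Assumption: any change of scheme, host or port counts as untrusted.
  const crossOrigin = from.origin !== to.origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (crossOrigin && SENSITIVE.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  return { url: to.href, headers: out, crossOrigin };
}

// Constructed sample request headers and redirect targets.
function demo() {
  const headers = {
    Authorization: 'Bearer EXAMPLE-TOKEN',
    Cookie: 'sid=EXAMPLE',
    Accept: 'application/json',
  };
  const start = 'https://api.example.com/v1/a';
  return {
    same: headersForRedirect(start, '/v1/b', headers),
    cross: headersForRedirect(start, 'https://other.example.net/x', headers),
    downgrade: headersForRedirect(start, 'http://api.example.com/v1/a', headers),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The https-to-http case is treated as cross-origin as well, so credentials are not resent over plaintext to the same host name.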