Node-fetch is a lightweight module designed to bring the window.fetch API, familiar to web developers, to Node.js and io.js environments. Comparing versions 1.7.1 and 1.7.0 reveals a minimal update, primarily distinguished by the releaseDate. Version 1.7.1 was released on June 3rd, 2017, while version 1.7.0 was released on May 23rd, 2017.
Both versions share identical core functionalities, dependencies (like "encoding" for broader character set support and "is-stream" for stream handling), and development dependencies used for testing and code coverage. These include tools like "bluebird" for promise management, "chai" for assertions, "istanbul" for code coverage reporting, and "mocha" for running tests. Developers relying on node-fetch for making HTTP requests in their Node.js applications should note the stability of the package, indicated by the consistency between these versions.
The absence of changes in dependencies or core code suggests that version 1.7.1 likely contains minor bug fixes, performance improvements, or documentation updates compared to 1.7.0. Users encountering specific issues in 1.7.0 might find upgrading to 1.7.1 worthwhile. For new users, either version provides a solid foundation for using the fetch API in a Node.js context, offering a consistent and standardized way to perform web requests.
All the vulnerabilities related to the version 1.7.1 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
