Node-fetch is a lightweight module that brings the Fetch API, familiar from browsers, to Node.js environments. Comparing versions 3.2.4 and 3.2.3 reveals subtle but potentially important refinements. Both versions share identical dependencies, including data-uri-to-buffer, fetch-blob, and formdata-polyfill, so data URIs and form data are handled the same way in each. The development dependencies are likewise unchanged, using chai for assertions, mocha for testing, and xo for linting, which reflects consistent development practices and attention to code quality. The core functionality and developer experience are the same across both versions.
The key difference lies in the dist section, specifically the unpackedSize: version 3.2.4 has an unpacked size of 105883 bytes, while version 3.2.3 has 105816 bytes, which hints at internal changes, bug fixes, or performance improvements. Additionally, 3.2.4 has the later release date, so it is the newer version. Although the metadata alone does not detail these changes, it suggests that 3.2.4 addresses some underlying issues or provides minor enhancements that the previous version lacks. Developers who prioritize the latest bug fixes and incremental improvements should consider upgrading to node-fetch 3.2.4.
All vulnerabilities related to version 3.2.4 of the package
node-fetch Inefficient Regular Expression Complexity
node-fetch is a light-weight module that brings window.fetch to node.js.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy() function in referrer.js, when processing a URL string with alternating letters and periods, such as 'http://' + 'a.a.'.repeat(i) + 'a'.
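As an added example (not node-fetch's own code), the block below contrasts a backtracking host check of the shape assumed for the affected referrer.js pattern with a linear-time string comparison, and times both on the advisory's 'a.a.' probe input. The names BACKTRACKING_LOCALHOST, isLocalhostHostRegex, isLocalhostHost, probeHost and compare are this example's own, and the regex shape is an assumption rather than text quoted from the page.

```javascript
// Added example, not node-fetch's code. The pattern below is assumed to be the
// shape of the affected check: a nested quantifier (.+\.)* whose inner "."
// can also consume periods, so every period in a non-matching host can be
// split two ways and the engine explores on the order of 2^n paths.
const BACKTRACKING_LOCALHOST = /^(.+\.)*localhost$/;

// Vulnerable form: right answer, but exponential time on "a.a.a...a" hosts.
function isLocalhostHostRegex(host) {
  return BACKTRACKING_LOCALHOST.test(host);
}

// Hardened form: same decision for ordinary hostnames (no leading dot or
// newline), and linear in the host length because no regex is involved.
function isLocalhostHost(host) {
  return host === 'localhost' || host.endsWith('.localhost');
}

// Constructed probe shaped like the advisory's trigger (host part only).
function probeHost(i) {
  return 'a.a.'.repeat(i) + 'a';
}

// Runs fn once and returns its result together with elapsed wall time in ms.
function timeMs(fn) {
  const start = process.hrtime.bigint();
  const result = fn();
  return { result, ms: Number(process.hrtime.bigint() - start) / 1e6 };
}

// Evaluates both checks on probeHost(i) and reports whether they agree and
// how long each took. i is clamped to 10 (20 periods) so the backtracking
// form stays in the sub-second range; the cost roughly doubles per period.
function compare(i) {
  const host = probeHost(Math.min(i, 10));
  const regex = timeMs(() => isLocalhostHostRegex(host));
  const safe = timeMs(() => isLocalhostHost(host));
  return { host, agree: regex.result === safe.result, regexMs: regex.ms, safeMs: safe.ms };
}

for (const i of [2, 4, 6, 8, 10]) {
  const r = compare(i);
  console.log(`i=${i} len=${r.host.length} regex=${r.regexMs.toFixed(2)}ms ` +
    `safe=${r.safeMs.toFixed(3)}ms agree=${r.agree}`);
}
```

The printed regex timings grow geometrically with i while the string-based check stays flat, which is the behaviour a regression test for this class of bug should pin down.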