PropTypes, a library for runtime type checking of React props, saw significant evolution between versions 0.2.0 and 15.5.0. Version 0.2.0, released in early 2016, was authored by Aaron Ackerman and represented an early extraction of PropTypes functionality directly from React. It relied on tools like Babel 4, Webpack 1, and Karma for development and testing. Its core dependency was the invariant package. By contrast, version 15.5.0, released in April 2017, reflects a mature stage of the library's lifecycle and is maintained by Facebook. This version depends on fbjs, Facebook's JavaScript utilities library, and uses Jest for testing. Crucially, version 15.5.0 demonstrates stronger ties to the React ecosystem, explicitly listing React and ReactDOM as development dependencies.
The license also changed from a simple "BSD" license to a more specific "BSD-3-Clause" license. The shift in repository URL from Aaron Ackerman's personal GitHub to the official Facebook React repository signals a significant transfer of ownership and integration into the React project itself. Developers should note that upgrading from such an early version would involve refactoring build processes and potentially adapting to changes in prop-type definitions and behavior accumulated over many releases. The later version benefits from tighter integration with React and a more robust testing environment.
All the vulnerabilities related to the version 15.5.0 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.