React DOM version 15.5.0 introduces notable changes compared to its predecessor, version 15.4.2, primarily focusing on dependency updates. A key difference lies in the addition of prop-types as a direct dependency, specifically version ~15.5.0. This signifies a tighter integration and potential reliance on React's prop-types definition, which is valuable for developers because it can help catch incorrect usage during development and reduce the risk of runtime errors. This makes the new version more reliable and robust.
Furthermore, the fbjs dependency has been updated from ^0.8.1 to ^0.8.9, suggesting bug fixes and potential performance improvements in the underlying Facebook JavaScript utilities package. While loose-envify and object-assign dependencies remain unchanged, this indicates that the core build process and object manipulation methods are considered stable between the two versions. It's important to highlight the peer dependency on react, which has been updated to ^15.5.0, forcing developers to upgrade their React core library alongside React DOM. Thus, ensure your React build is also upgraded to the equivalent version.
These adjustments reveal a focus on strengthening the type checking and base utilities, making React DOM version 15.5.0 potentially more stable and developer-friendly, as long as projects are up to date with the main React library. Given the release date difference (April 2017 vs. January 2017), the update likely consolidates several months' worth of minor fixes and enhancements.
All the vulnerabilities related to the version 15.5.0 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
