React 15.0.0 marks a significant update from version 0.14.10 of the popular JavaScript library for building user interfaces. While both versions share the same core purpose and BSD-3-Clause license, several key under-the-hood changes impact developers. One notable difference lies in the dependencies. React 15.0.0 introduces loose-envify and object-assign as dependencies and upgrades fbjs to version ^0.8.0. This contrasts with version 0.14.10, which relied on fbjs version ^0.6.1 and envify. These dependency updates likely reflect improvements in performance, code optimization, or compatibility with newer JavaScript environments, or new functionality from the updated dependencies that the new version uses.
Furthermore, the dist object reveals differences in the package distribution. While version 0.14.10 provides details like fileCount and unpackedSize, these are missing in the 15.0.0 data, suggesting a possible change in how the package is structured or distributed. Developers considering upgrading should pay close attention to these dependency changes and potential breaking changes associated with a major version bump. While the core description remains the same, expect underlying improvements and possibly new features bundled into React 15.0.0 that could improve the development experience, optimize performance, or provide access to new tools and functionalities. Examining the official React changelog for version 15.0.0 is highly recommended.
All the vulnerabilities related to the version 15.0.0 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.
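As an added example (not code from node-fetch or from this page), the following sketch shows a defensive redirect handler that drops the four headers named in the advisory whenever a redirect leaves the original origin. The origin comparison, the function names, and the sample URLs and token values are assumptions made for illustration.

```javascript
// Added example, not node-fetch's own code. Assumption: any change of
// origin (scheme, host or port) counts as leaving the trusted site.
const SENSITIVE_HEADERS = ['authorization', 'www-authenticate', 'cookie', 'cookie2'];

// Compute the URL and headers for the next hop of a redirect.
function headersForRedirect(fromUrl, location, headers) {
  const from = new URL(fromUrl);
  const to = new URL(location, from); // Location may be relative
  const crossOrigin = to.origin !== from.origin;
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (crossOrigin && SENSITIVE_HEADERS.includes(name.toLowerCase())) continue;
    kept[name] = value;
  }
  return { url: to.href, headers: kept };
}

// Replay a chain of Location values and record what each hop would receive.
// Headers are carried forward hop by hop, so once stripped they stay stripped.
function replayRedirects(startUrl, headers, locations) {
  const hops = [{ url: startUrl, headers: { ...headers } }];
  for (const location of locations) {
    const prev = hops[hops.length - 1];
    hops.push(headersForRedirect(prev.url, location, prev.headers));
  }
  return hops;
}

// Constructed sample: a same-origin hop, a hop to another host, then back.
const hops = replayRedirects(
  'https://api.example.test/v1/me',
  { Authorization: 'Bearer constructed-token', Cookie: 'sid=constructed', Accept: 'application/json' },
  ['/v2/me', 'https://other.example.test/landing', 'https://api.example.test/v2/me']
);
for (const hop of hops) console.log(hop.url, Object.keys(hop.headers).join(','));
```

The last hop returns to the original host but still carries no credentials, because a redirect that passed through another origin should not regain them.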