React version 15.0.2, released on April 30, 2016, is a minor update to the popular JavaScript library focused on user interface development, building upon the foundation laid by version 15.0.1, released earlier that month on April 8, 2016. Both versions share the same core description, stating React's purpose as a library for crafting UIs, and depend on the same core set of underlying packages: fbjs, loose-envify, and object-assign. The license remains BSD-3-Clause across both versions, and the source code repository remains consistent on GitHub.
While the code base is highly similar, the critical difference lies in the specific release date. Moving from 15.0.1 to 15.0.2 means incorporating any bug fixes, performance enhancements, or minor feature tweaks that the React team addressed in the three weeks between the releases. Typically, minor version bumps like this don't introduce breaking changes, so upgrading is generally straightforward. Developers should consult the React changelog associated with version 15.0.2 on the project's GitHub repository to get a precise understanding of all the changes incorporated since 15.0.1. That review will highlight specific bug fixes or minor enhancements relevant to individual projects that might justify upgrading. The dist entries point to the compressed tarball available from the npm registry for easy download and integration. For developers, this means a small time investment for a potentially more stable and efficient version.
All the vulnerabilities related to the version 15.0.2 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.