React version 15.6.0, released on June 13, 2017, builds upon the previous stable release, 15.5.4, released on April 11, 2017, offering enhancements and a key addition for developers. Both versions share the core description as a JavaScript library for building user interfaces and maintain the same BSD-3-Clause license. They also rely on similar foundational dependencies, including fbjs, prop-types, loose-envify, and object-assign, ensuring a consistent base for React development. The primary difference lies in the introduction of the create-react-class dependency in version 15.6.0, with a specified version constraint of "^15.5.2".
This addition is significant for developers who continue to use the create-react-class helper. React had previously moved away from encouraging the use of mixins and consequently began deprecating React.createClass. While the core team recommends ES6 classes or pure functions utilizing hooks for modern React development, the inclusion of create-react-class provides backward compatibility and eases the transition for projects still reliant on this older pattern. Developers upgrading from 15.5.4 to 15.6.0 should be aware of this change and how it impacts their codebase, particularly if they were managing the create-react-class dependency separately. The new version of react is a drop-in replacement if you already use ES6 classes or pure function.
All the vulnerabilities related to the version 15.6.0 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
