Styled-components, a popular library for styling React applications using CSS-in-JS, released version 3.2.4 as a minor update to the previous stable version 3.2.3. Both versions empower developers to write CSS code directly within their JavaScript components, leveraging the best aspects of ES6 and CSS for a more maintainable and component-centric styling approach. Key benefits include automatic vendor prefixing, component-level styling, and dynamic styling based on props.
The primary difference between these two versions lies in their dependencies. Version 3.2.4 updates the fbjs (Facebook JavaScript SDK) dependency to a newer version (^0.8.16) and removes the opencollective dependency, potentially indicating changes related to the library's integration with the Open Collective platform. On the other hand version 3.2.3 uses the fbjs version ^0.8.9 and uses the opencollective version ^1.0.3. These changes could impact functionalities related to social features or community funding mechanisms. Developers are adviced to check the changelog. The file count and unpacked size of the package also underwent a minor change between the versions, indicating potentially minor code updates or changes to included assets. With 3.2.4 having 272 files and 2698869 unpacked size while the 3.2.3 had 271 files and a smaller 2694156 unpacked size. For developers already using styled-components, upgrading to 3.2.4 is generally safe assuming the fbjs and opencollective dependencies changes do not affect the application, ensuring they benefit from the latest improvements and bug fixes.
All the vulnerabilities related to the version 3.2.4 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
