Styled-components version 3.4.0 introduces several notable changes compared to its predecessor, version 3.3.3, impacting developers using this popular CSS-in-JS library. One key difference lies in the dependency list. Version 3.4.0 has dropped is-plain-object from its core dependencies while adding stylis-rule-sheet. Both versions maintain core dependencies like fbjs, buffer, stylis, react-is, prop-types, supports-color, css-to-react-native, and hoist-non-react-statics, ensuring foundational functionality remains consistent.
In the devDependencies section, the updates are more substantial. Version 3.4.0 upgrades several packages. For example, rollup is upgraded from version 0.52.2 to 0.61.1, and puppeteer is bumped from 1.4.0 to 1.5.0. Several rollup plugins are updated to newer versions as well. Conversely, numerous packages have been removed or replaced, including rollup-plugin-uglify, rollup-plugin-json, rollup-plugin-commonjs, and rollup-plugin-visualizer. These changes suggest a shift in the build process or development tooling used by the styled-components team.
For developers, upgrading to 3.4.0 involves understanding these replaced dependencies and ensuring compatibility with their own projects. If, for example, any custom build scripts or tooling depended on rollup-plugin-uglify, adjustments are needed to align with the updated build pipeline. The core styling functionality remains largely unaffected, but developers are encouraged to review the changelog for a comprehensive list of changes and potential breaking changes before upgrading. Given the minor version bump, the migration should be relatively smooth, but awareness of the dependency changes is crucial for a seamless transition.
All the vulnerabilities related to the version 3.4.0 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.
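A defensive pattern for the redirect behaviour described in this advisory, as an added example rather than code from node-fetch or styled-components: follow redirects by hand and drop the four listed headers whenever a hop changes origin. The function names, the strict origin comparison and the fetchImpl parameter are assumptions made for this illustration.

```javascript
// Headers named in the advisory, compared case-insensitively.
const SENSITIVE = new Set(['authorization', 'www-authenticate', 'cookie', 'cookie2']);

// Decide which headers may accompany the next hop of a redirect.
// Assumption: "untrusted" is modelled as "different origin" (scheme, host or
// port differs), so an https -> http downgrade also strips the headers.
function headersForRedirect(currentUrl, location, headers) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // Location may be a relative reference
  const sameOrigin = from.origin === to.origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (sameOrigin || !SENSITIVE.has(name.toLowerCase())) out[name] = value;
  }
  return { url: to.href, headers: out };
}

// Follow redirects manually so every hop is sent the filtered header set.
// fetchImpl is any fetch-compatible function (hypothetical parameter); it is
// called with redirect: 'manual' so the client never forwards headers itself.
// Headers dropped on one hop stay dropped for the rest of the chain.
// Only the default GET method is considered here.
async function fetchStrippingOnRedirect(fetchImpl, url, headers, maxHops = 5) {
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetchImpl(url, { headers, redirect: 'manual' });
    const location = res.headers.get('location');
    if (res.status < 300 || res.status >= 400 || !location) return res;
    ({ url, headers } = headersForRedirect(url, location, headers));
  }
  throw new Error('too many redirects');
}

// Constructed sample request headers for a quick stand-alone run.
const sample = { Authorization: 'Bearer constructed-token', Cookie: 's=1', Accept: '*/*' };
console.log(headersForRedirect('https://api.example.com/a', 'https://other.example.net/b', sample));
```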