Vue-resource is a lightweight HTTP client specifically designed for Vue.js, simplifying interactions with backend APIs. Comparing version 1.2.0 with the previous stable release, 1.1.2, reveals a notable shift with the introduction of a new dependency: "got" at version "^6.7.1". Notably, this dependency became an explicit dependency for the package, so it needed to be added in the package dependencies rather than devDependencies.
While both versions share the same core development dependencies like Vue.js, Buble, Rollup, Webpack, and UglifyJS for building and testing, this addition signifies potential enhancements or changes in how HTTP requests are handled within the library. Developers should investigate "got" and how it affected http requests using vue-resource. The packages share MIT licenses, so developers keep the freedom to use the package on different types of projects.
Another difference lies in the repository URL. Version 1.2.0 points to "github.com/pagekit/vue-resource.git" whereas version 1.1.2 points to "github.com/vuejs/vue-resource.git". This indicates a possible change in the project's maintainership or organizational structure. Developers migrating from earlier versions should be aware of this change, especially when reporting issues or contributing to the project.
Finally, the release dates show that version 1.2.0 was published a few days after 1.1.2, providing a relatively short development window between the two versions. The change of maintainership should be well understood before migrating to the 1.2.0 version.
All the vulnerabilities related to the version 1.2.0 of the package
Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.
