restrict fake-xml-http-request to ~2.0.0 on the v2 branch

[zburke]

fake-xml-http-request v2.1.1 introduced breaking changes to the handling of the response property, identified in Issue 54. In previous releases, response was not always present, allowing fake-xml-http-response to interact with libraries such as whatwg-fetch that make decisions based on that behavior. Because pretender has a caret dep on fake-xml-http-request, that change effectively broke the previous major release (v2.x) of pretender because the PR addressing the change (#280) is only available for the current major release (v3.x).

An easy and low-impact solution would be to make a branch from the last commit on the v2 line and to push a new commit to that branch that changes the dependency on fake-xml-http-request from ^2.0.0 to ~2.0.0 in order to prevent the breaking change in the minor release from leaking through. Released as pretender v2.1.2, this would restore pretender's previous behavior in the v2 line without having any effect on the current major release.

[MikeTaylor]

Makes perfect sense to me.

[xg-wang]

Ugh sorry for that bad release and thanks for the suggestion!
Just pushed https://www.npmjs.com/package/pretender/v/2.1.2 and https://www.npmjs.com/package/pretender/v/3.0.5.