asyncapi/nodejs-template

node-fetch 2.6.0 security vulnerability in package.json

Opened this issue · 2 comments

Describe the bug

Just installed asyncapi CLI and used this template to generate a new server project. Noticed an issue in the package.json as a security vulnerability is being reported for node-fetch 2.6.0. The quick fix is to update to the latest version, which is currently 3.3.1 (assuming this is compatible with generated code).

How to Reproduce

  • Generate a simple project from an asyncapi.yaml file using this template
  • Open the project in Visual Studio Code
  • Open the package.json file

How to fix

In package.json change
"node-fetch": "2.6.0",
to
"node-fetch": "3.3.1",

Expected behavior

No issue should be reported in a freshly generated project.

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with the AsyncAPI community. For more details check out this issue.

Thanks a lot for this issue. This is not very critical for the template as tbh I don't think anyone is using this lambda extension that requires fetch. Nevertheless we need to bump the dependency. Do you want to open a PR?