A security problem with the outdated version of "isomorphic-fetch" library

Question

A security problem with the outdated version of "isomorphic-fetch" library

Opened this issue a year ago · 1 comments

Hi,
I have a question.

I'm using node-wit in one of my projects,
Recently I ran a security checker tool on my project and it raised a problem with node-wit

The problem is because of an outdated dependency.
The latest version of node-wit (v.6.6.0) uses the outdated version of isomorphic-fetch (v.2.2.1)
Also that outdated library uses an outdated version of node-fetch (v.1.0.1)

The security check needs a higher version of node-fetch
So it fails due to this.
It can be passed just by updating the isomorphic-fetch to its next version as a dependency of node-with.

Is there any plan to update this dependency?

Thanks in advance
Emad

Answer 1 · 2024-02-29T15:15:54.000Z

It'd be great if this package could be updated. @patapizza