node-wit icon indicating copy to clipboard operation
node-wit copied to clipboard

Published 20 hours ago verified publisher icon wit-ai

A security problem with the outdated version of "isomorphic-fetch" library

Open Emad-Armoun opened this issue 1 year ago • 1 comments

Hi, I have a question.

I'm using node-wit in one of my projects, Recently I ran a security checker tool on my project and it raised a problem with node-wit

The problem is because of an outdated dependency. The latest version of node-wit (v.6.6.0) uses the outdated version of isomorphic-fetch (v.2.2.1) Also that outdated library uses an outdated version of node-fetch (v.1.0.1)

The security check needs a higher version of node-fetch So it fails due to this. It can be passed just by updating the isomorphic-fetch to its next version as a dependency of node-with.

Is there any plan to update this dependency?

Thanks in advance Emad

Emad-Armoun avatar Jan 15 '24 20:01 Emad-Armoun

It'd be great if this package could be updated. @patapizza

magnusburton avatar Feb 29 '24 15:02 magnusburton