vulnerability found in dependency

[xemayebenes]

Last version throws audit fails

.	-
Low	Denial of Service
Package	node-fetch
Patched in	>=2.6.1 <3.0.0-beta.1
Dependency of	avatax
Path	avatax > isomorphic-fetch > node-fetch
More info	https://npmjs.com/advisories/1556

Are you planning to fix this dependency?

[Eric-Dunaway]

https://snyk.io/advisor/npm-package/avatax

isomorphic-fetch v3 is out https://github.com/matthew-andrews/isomorphic-fetch/releases/tag/v3.0.0
Snyk Report on isomorphic-fetch@3.0.0

This PR fixed the issue with the out of date node-fetch in isomorphic-fetch
matthew-andrews/isomorphic-fetch#189

[eboureau]

HI, any news on that one?
There is now a High vulnerability in node-fetch dependency, when do you plan to upgrade to isomorphic-fetch@3.0.0?

[eboureau]

I also think you should get rid of isomorphic-fetch and just use node-fetch@2.6.7. IMO isomorphic-fetch has no added value using node.js

[chelevich]

seems to be resolved by 7d87bb4

[svc-developer]

Resolved in 22.5.0.
Thanks