Open pjhill opened 3 months ago
This may be blocked by a dependency that starts breaking things with vets-website's current node version (14.15.0)
The current vulnerability is tied to a <2.6 node-fetch dependency from isomorphic-fetch. Updating isomorphic-fetch to 3.0.0, which would update its node-fetch dependency requirement to ^2.0, breaks husky during the yarn install command, and appears to be tied to the current node.js version we use.
Description
https://github.com/department-of-veterans-affairs/vets-website/security/dependabot/27
Acceptance Criteria
node-fetch
has been upgraded to a patched version and dependabot is no longer flagging it