serverless / platform-sdk

Serverless Platform SDK
Apache License 2.0

npm audit security warning 1556 #96

Closed andrewspinks closed 4 years ago

andrewspinks commented 4 years ago

npm audit is reporting a security warning as the last released version of the sdk was still using isomorphic-fetch, which depends on an old version of node-fetch with a reported security vulnerability.

It seems like the isomorphic-fetch dep has been removed, so I suspect a new release will fix the issue.

medikoo commented 4 years ago

@andrewspinks thanks for pointing this out. Indeed, we didn't introduce a patch release after dropping isomorphic-fetch.

v2.3.2 was published just now, and we'll ensure it's picked up with the next version of the Framework.

andrewspinks commented 4 years ago

Thank you!