From eac6c00e9b24fec78475b15c2c3af44d1e454c31 Mon Sep 17 00:00:00 2001
From: wbt <wbt@users.noreply.github.com>
Date: Sun, 10 Apr 2022 14:37:26 -0400
Subject: [PATCH] Update away from vulnerable version of node-fetch (#135)

Backporting #124 to the 2.x branch for dependencies stuck on that which can't get a PR for moving on reviewed, e.g. https://github.com/MetaMask/web3-provider-engine/pull/404
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 1ee8d15..575be36 100644
--- a/package.json
+++ b/package.json
@@ -61,7 +61,7 @@
     "url": "https://github.com/lquixada/cross-fetch/issues"
   },
   "dependencies": {
-    "node-fetch": "2.6.1",
+    "node-fetch": "^2.6.7",
     "whatwg-fetch": "2.0.4"
   },
   "devDependencies": {