NPM vulnerability

[imjordanxd]

Attached directly from npm audit output:

Low	Denial of Service
Package	node-fetch
Patched in	>=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9
Dependency of	react-d3-components
Path	react-d3-components > create-react-class > fbjs > isomorphic-fetch > node-fetch
More info	https://npmjs.com/advisories/1556

Unfortunate transitive dependency. Unlikely to be updated?

[imjordanxd]

create-react-class has released a new version that no longer depends on fbjs. Can a patch of this package be released? @codesuki