Update node-fetch dependency

^1.0.1 it’s fixed to version 1.0.1 and 1.0.2 won’t be picked up.

Not true. That’s only applicable if it’s a fixed version number w/o ^. ^ usually allows changes for minor and patch versions except for left-most zero based versions which are considered breaking changes. So, ^0.1.0 ranges to >=0.1.0 < 0.2.0 and ^0.0.1 ranges only to =>0.0.1 < 0.0.2 however, ^1.0.0 will allow ranges to >=1.0.0 < 2.0.0.

From that same link:-

Allows changes that do not modify the left-most non-zero digit in the [major, minor, patch] tuple. In other words, this allows patch and minor updates for versions 1.0.0 and above, patch updates for versions 0.X >=0.1.0, and no updates for versions 0.0.X.

i believe this isn’t necessary and can be closed