node-fetch 2.6.0 security vulnerability in package.json

[kulnor]

Describe the bug

Just installed asyncapi CLI and used this template to generate a new server project. Noticed an issue in the package.json as a security vulnerability is being reported for node-fetch 2.6.0. The quick fix is to update to the latest version, which is currently 3.3.1 (assuming this is compatible with generated code)

How to Reproduce

• Generate a simple project from a asyncapi.yaml file using this template
• Open the project in Visual Studio Code
• Open the package.json file
  

How to fix

In package.json change
"node-fetch": "2.6.0",
to
"node-fetch": "3.3.1",

Expected behavior

No issue should be reported in a freshly generated project.

[github-actions]

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

[derberg]

Thanks a lot for this issue. This is not very critical for the template as tbh I don't think anyone is using this lambda extension that requires fetch. Nevertheless we need to bump the dependency. Do you want to open a PR?