Scc 4043

[danamansana]

• Bump Node version to 20
• Associated changes to CHANGELOG.md, README.md, package.json, package-lock.json

[nonword]

I see a failing test locally. Can you add a minimal .travis.yml(or gh actions) to catch that? It also looks like there are some npm audit notices.

[danamansana]

Which test do you see failing locally? I don't see any failures. As for npm audit, this is what I get:

# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/axios
node_modules/axios-concurrency/node_modules/axios
  axios-concurrency  *
  Depends on vulnerable versions of axios
  node_modules/axios-concurrency

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Not sure if that can be fixed without switching out axios-concurrency. I can take a look to see if that is doable.

[nonword]

Not sure if that can be fixed without switching out axios-concurrency. I can take a look to see if that is doable.

I took a look and it does seem like axios-concurrency has an unavoidable moderate vuln. Our use of axios-concurrency is kind of key. I don't see support for limiting concurrency in native fetch. So I'll ticket coming back to this and using another limiting method like p-limit (and maybe migrating off axios).