use node fetch instead of axios

[andreainnocenti]

Hello team,
I noticed that this project currently supports Node.js ≥ 20. Since Node.js v20 will reach end of life at the end of April 2026, should we start considering an upgrade path?
As part of this, we might evaluate moving away from external HTTP clients (e.g., axios) and rely on the built‑in fetch API, which has been officially supported in Node.js since v18. Reducing external dependencies could help lower our exposure to supply‑chain vulnerabilities (for example, the recent axios compromise: https://opensourcemalware.com/blog/axios-compromised).

[andreainnocenti]

it is happening again GHSA-3p68-rc4w-qgx5

[pyrooka]

I noticed that this project currently supports Node.js ≥ 20. Since Node.js v20 will reach end of life at the end of April 2026, should we start considering an upgrade path?

Our bandwidth is pretty limited ATM, but it's on our roadmap to drop support for EOL Node versions. It should happen in 2Q.

we might evaluate moving away from external HTTP clients (e.g., axios) and rely on the built‑in fetch API

This is also planned. We haven't done any investigation yet, but I suspect it's doable and we'd also like to drop any unneeded dependencies - especially if there is a "replacement" in the standard library.