fix(deps): update dependency cross-fetch to v3.1.5 [security] #174

Open
wants to merge 1 commit into
base: master

renovate[bot]
@renovate renovate bot commented May 28, 2023

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| cross-fetch | 3.0.5 -> 3.1.5 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2022-1365

When fetching a remote URL with a cookie, if it gets a Location response header, it will follow that URL and try to fetch it with the provided cookie. So the cookie is leaked here to a third party.
Ex: you try to fetch example.com with a cookie, and if it gets a redirect URL to attacker.com, then it fetches that redirect URL with the provided cookie.


Release Notes

lquixada/cross-fetch (cross-fetch)

v3.1.5

What's Changed

New Contributors

Full Changelog: lquixada/cross-fetch@v3.1.4...v3.1.5

v3.1.4

🐞 fixed typescript errors.

v3.1.3

🐞 fixed typescript compilation error causing #​95, #​101, #​102.

v3.1.2

🐞 added missing Headers interface augmentation from lib.dom.iterable.d.ts (#​97)

v3.1.1

🐞 fixed missing fetch api types from constructor signatures #​96 (thanks @​jstewmon)

v3.1.0

⚡️ improved TypeScript support with own fetch API type definitions (thanks @​jstewmon)
⚡️ set fetch.ponyfill to true when custom ponyfill implementation is used.
💡 set the same fetch API test suite to run against node-fetch, whatwg-fetch and native fetch.

v3.0.6

⚡️ updated node-fetch to 2.6.1


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
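
The redirect behaviour described under CVE-2022-1365 above, as an added example that is not code from cross-fetch, node-fetch or this PR: a wrapper that follows redirects manually and drops credential headers when the origin changes. The function names, the `fetchImpl` parameter, the header list and the strict same-origin rule are assumptions of this example, and the mock responses are constructed.

```javascript
// Headers that should not cross an origin boundary when a redirect is followed.
const SENSITIVE = new Set(['cookie', 'authorization', 'proxy-authorization']);

// Return a copy of `headers` that is safe to send to `toUrl`.
function headersForRedirect(fromUrl, toUrl, headers) {
  const sameOrigin = new URL(fromUrl).origin === new URL(toUrl).origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (sameOrigin || !SENSITIVE.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Follow redirects by hand so the headers are re-evaluated on every hop.
// Handles GET-style requests only (no method or body rewriting).
// `fetchImpl` is a hypothetical injection point for any fetch-compatible function.
async function fetchNoCredentialLeak(url, init = {}, fetchImpl = globalThis.fetch, maxHops = 5) {
  let current = url;
  let headers = { ...(init.headers || {}) };
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = await fetchImpl(current, { ...init, headers, redirect: 'manual' });
    const location = res.headers.get('location');
    if (res.status < 300 || res.status >= 400 || !location) return res;
    const next = new URL(location, current).href;
    headers = headersForRedirect(current, next, headers); // once dropped, stays dropped
    current = next;
  }
  throw new Error('too many redirects');
}

// Constructed scenario from the advisory: example.com redirects to attacker.com.
// Records every request in `seen` so the headers sent per hop can be inspected.
function makeMockFetch(seen) {
  return async (url, init) => {
    seen.push({ url, headers: init.headers });
    const redirect = url.startsWith('https://example.com/');
    const location = redirect ? 'https://attacker.com/x' : null;
    return {
      status: redirect ? 302 : 200,
      headers: { get: (name) => (name === 'location' ? location : null) },
    };
  };
}
```

In browsers `redirect: 'manual'` yields an opaque response, so this pattern applies to server-side fetch implementations that expose the 3xx status and `Location` header.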

@renovate
Author

renovate bot commented May 28, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
installing v2 tool yarn-slim v1.22.19
ERROR: npm v9.5.1 is known not to run on Node.js v10.20.1. You'll need to upgrade
to a newer Node.js version in order to use this version of npm. This version of
npm supports the following node versions: `^14.17.0 || ^16.13.0 || >=18.0.0`. You
can find the latest version at https://nodejs.org/.

ERROR:
/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/lib/utils/exit-handler.js:21
  const hasLoadedNpm = npm?.config.loaded
                           ^

SyntaxError: Unexpected token .
    at Module._compile (internal/modules/cjs/loader.js:723:23)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at module.exports (/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/lib/cli.js:81:23)
    at Object.<anonymous> (/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/bin/npm-cli.js:2:25)
    at Module._compile (internal/modules/cjs/loader.js:778:30)

@renovate renovate bot changed the title fix(deps): update dependency cross-fetch to v3.1.5 [security] fix(deps): update dependency cross-fetch to v3.1.5 [security] - autoclosed Jul 10, 2024
@renovate renovate bot closed this Jul 10, 2024
@renovate renovate bot deleted the renovate/npm-cross-fetch-vulnerability branch July 10, 2024 20:09
@renovate renovate bot changed the title fix(deps): update dependency cross-fetch to v3.1.5 [security] - autoclosed fix(deps): update dependency cross-fetch to v3.1.5 [security] Jul 10, 2024
@renovate renovate bot restored the renovate/npm-cross-fetch-vulnerability branch July 10, 2024 21:21
@renovate renovate bot reopened this Jul 10, 2024
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 05ab8e2 to 90cadff Compare July 10, 2024 21:21
@renovate renovate bot force-pushed the renovate/npm-cross-fetch-vulnerability branch from 90cadff to 1f4190a Compare January 23, 2025 18:36