build(deps): bump node-fetch and @microsoft/microsoft-graph-client

[dependabot]

Bumps node-fetch to 2.6.7 and updates ancestor dependency @microsoft/microsoft-graph-client. These dependencies need to be updated together.

Updates node-fetch from 1.7.3 to 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

v2.6.0

See CHANGELOG.

v2.5.0

See CHANGELOG.

v2.4.1

See CHANGELOG.

v2.4.0

See CHANGELOG.

v2.3.0

See CHANGELOG.

v2.2.1

See CHANGELOG.

Version 2.1.2

• Fix: allow Body methods to work on ArrayBuffer-backed Body` objects
• Fix: reject promise returned by Body methods when the accumulated Buffer exceeds the maximum size
• Fix: support custom Host headers with any casing
• Fix: support importing fetch() from TypeScript in browser.js
• Fix: handle the redirect response body properly

... (truncated)

Commits

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
• 18193c5 fix v2.6.3 that did not sending query params (#1301)
• ace7536 fix: properly encode url with unicode characters (#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (#1274)
• b5e2e41 update version number
• 2358a6c Honor the size option after following a redirect and revert data uri support
• 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Updates @microsoft/microsoft-graph-client from 1.4.0 to 3.0.2

Release notes

Sourced from @​microsoft/microsoft-graph-client's releases.

3.0.2

Changes:

• 7f901185b35003403eb823a8a8ef5fe9eda9ff27 Merge pull request #624 from microsoftgraph/release/3.0.2-latest
• 025db4c86c96fd453218bb504927298c09a69831 Merge branch 'master' into release/3.0.2-latest
• 0fe66a96b50e4c1035b00fafa23151f484f0be0c Merge pull request #623 from microsoftgraph/release/3.0.2
• 6e7a8bc92f82925aa5da06839aed5f15ae18b1a4 3.0.2
• 253d3c17eace4a766c6c2d89aeca95fd3badbd2b Merge branch 'master' into release/3.0.2
• b5e20c9bcb5a9b8478e8a3868ad6e5921b69f134 uint8array in fileupload (#622)
• 1c2565bdd2d225da8b1adbfd541509d5244dcdc7 Bump eslint-plugin-prettier from 3.4.0 to 4.0.0 (#611)
• 7f515f37f0e84f20683b50c0f055caa49c7e6d2e Merge pull request #619 from microsoftgraph/dependabot/npm_and_yarn/samples/simple-get-3.1.1
• 1ac59ec37d41c4546898258000e78b9f28a2b1df Bump simple-get from 3.1.0 to 3.1.1 in /samples
• 720d6d5b70d57d668ccd43b37b0f53f8957cb497 Remove node type ambient declaration (#618)

• 37b0ed13da184dd85ecb4dde2511de965124fcf3 Bump @​babel/preset-env from 7.16.8 to 7.16.11 (#593)
• 335482f109d973bdb11969d131845546530adcee Bump sinon from 12.0.1 to 13.0.1 (#605)
• 44572f3f35f394c8926b297ca4a72604c1a9bbbd Bump @​types/sinon from 10.0.8 to 10.0.9 (#595)
• 4bf3968875df7a3ea5b3bb4349eef8e3429e35cc Bump @​types/mocha from 9.0.0 to 9.1.0 (#598)
• ea280a70ff6c34e01ddffcb47711cb002bc1d313 Bump lint-staged from 12.3.1 to 12.3.2 (#603)
• 55abeb16e585ea6437f00667ef471fc5f54ae1b4 Bump tar from 4.4.8 to 4.4.19 in /scripts (#601)
• e83fecee94ace3f993f6cfe15008ac8ff01830cb Bump rollup from 2.66.0 to 2.66.1 (#604)
• 7bef5ff3258731c70516dbc62dace524ca6641f7 Bump @​babel/core from 7.16.7 to 7.16.12 (#596)
• ee30857f235cd3ddc0f3312a9767471ed91bf82c Bump @​types/node from 12.20.10 to 17.0.13 (#599)
• 125a2f09e65d5500b063a0c7462d99bf06eb4f77 Bump karma from 6.3.11 to 6.3.13 (#602)
• 25376becb6406d74f5889611e73ea1354d96c9fe Bump ts-node from 9.1.1 to 10.4.0 (#592)
• cfacd2cc36a8294d080f95b598c7ad3d05a87e3b Bump @​azure/msal-browser from 2.15.0 to 2.21.0 (#567)
• 9a539f93b61c2648b35ce4a5d1f04e6cf4822261 Bump @​azure/identity from 1.3.0 to 2.0.1 (#561)
• 3eab6727853b1977bd8046fa3bab8e95dafe6f40 Bump @​typescript-eslint/eslint-plugin from 3.10.1 to 4.0.0 (#581)
• d55497a02465d5ec36cdd1bcb5f3a3915c2db9f6 Bump @​rollup/plugin-commonjs from 17.1.0 to 21.0.1 (#578)
• fe6379fbc41a560d9b86758b575be0a3dbeca9ad Bump rollup from 2.65.0 to 2.66.0 (#580)
• a0bc0e0dc33e0d847e08e74ac8ab4ec01fe36b9d Bump lint-staged from 11.0.0 to 12.3.1 (#582)
• 7b6fae10d0c1c8a478e9eb13da5de666a6a46deb Bump node-fetch from 2.6.1 to 2.6.7 (#586)
• 593f503b14403f2c40634f3c3b3f6f9b8f543f40 Bump node-fetch from 2.6.1 to 2.6.7 in /samples (#585)
• f5910f1da4968fe71cf142aaf180ebb3a55b02e5 Bump husky from 2.7.0 to 7.0.4 (#584)
• ea80b8dee7b0122680c245b9c4cc45eccfc6e6ab Bump @​types/sinon from 9.0.11 to 10.0.8 (#583)
• f0ccda4b11216f85033323f5685c3706d8545a2e Bump @​babel/plugin-transform-runtime from 7.13.15 to 7.16.10 (#577)
• 85b39a9073f76114a8871c5c2c2dd294c2c603d5 Bump @​rollup/plugin-node-resolve from 11.2.1 to 13.1.3 (#579)
• 764da2e4e14dec11b96a7020b15e8e913645aea2 Bump log4js from 6.3.0 to 6.4.0 (#574)
• 26728983611bc24a485e9aca59734e1839289b6a Bump karma from 6.3.2 to 6.3.11 (#564)
• ce8f12d8dec934198d2fdb00f315441c04dda73d Bump rollup from 2.63.0 to 2.65.0 (#575)
• ecec30c96c5885bcd134073b1d1720d12c42b8f8 Bump @​types/chai from 4.2.16 to 4.3.0 (#563)
• 3d089f62efbee14269f1a572f6138dfda7c2a9b4 Bump @​istanbuljs/nyc-config-typescript from 1.0.1 to 1.0.2 (#562)
• f89926c15eebdf4cd490356fcded363c0471e5a2 Bump eslint-config-prettier from 7.2.0 to 8.3.0 (#566)
• 6e64a0b06f3c8aea1ebd04afde48b6918aa4a41d Bump @​babel/runtime from 7.13.17 to 7.16.7 (#568)
• 02f8a0816b855dc060a6087297d41ff3703657ed Bump @​babel/preset-env from 7.13.15 to 7.16.8 (#559)
• a1f985d4a56a999d559a2eb30d3f022c8bbb06c3 Bump prettier from 1.19.1 to 2.5.1 (#560)
• 03466561205780b59f7a30b660626443ab5f93fc Bump @​types/mocha from 5.2.7 to 9.0.0 (#549)

... (truncated)

Changelog

Sourced from @​microsoft/microsoft-graph-client's changelog.

Changelog

Commits

• 7f90118 Merge pull request #624 from microsoftgraph/release/3.0.2-latest
• 025db4c Merge branch 'master' into release/3.0.2-latest
• 0fe66a9 Merge pull request #623 from microsoftgraph/release/3.0.2
• 6e7a8bc 3.0.2
• 253d3c1 Merge branch 'master' into release/3.0.2
• b5e20c9 uint8array in fileupload (#622)
• 1c2565b Bump eslint-plugin-prettier from 3.4.0 to 4.0.0 (#611)
• 7f515f3 Merge pull request #619 from microsoftgraph/dependabot/npm_and_yarn/samples/s...
• 1ac59ec Bump simple-get from 3.1.0 to 3.1.1 in /samples
• 720d6d5 Remove node type ambient declaration (#618)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoftgraph, a new releaser for @​microsoft/microsoft-graph-client since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.