Hi, I have reported a vulnerability issue in package cross-fetch.
As far as I am aware, vulnerability CVE-2020-15168, detected in package node-fetch (<2.6.1, >=3.0.0-beta.1 <3.0.0-beta.9), is directly referenced by cross-fetch@2.2.3, on which your package web3-provider-engine@16.0.3 directly depends. As such, this vulnerability can also affect web3-provider-engine@16.0.3 via the following path:
web3-provider-engine@16.0.3 ➔ cross-fetch@2.2.3 ➔ node-fetch@2.1.2 (vulnerable version)
Since cross-fetch has released a new patched version, cross-fetch@2.2.5, to resolve this issue (cross-fetch@2.2.5 ➔ node-fetch@2.6.1 (fix version)), this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path:
web3-provider-engine@16.0.3 ➔ cross-fetch@2.2.5 ➔ node-fetch@2.6.1 (vulnerability fix version)
A warm tip. Best regards, ^_^
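The report above hinges on what a project's lockfile actually resolves: the fix only reaches a consumer once the lockfile is regenerated so that cross-fetch resolves to a node-fetch outside the affected range. The script below is an added example, not code from the issue thread, from web3-provider-engine or from cross-fetch. It walks a lockfileVersion 2/3 `package-lock.json` (the `packages` map keyed by `node_modules/...` paths, resolved with Node's nearest-`node_modules` rule), prints every dependency chain that reaches node-fetch, and flags versions inside the range the report quotes. The two lockfiles embedded in it are constructed samples with the versions from the report; their `dependencies` specs are assumptions, not the real manifests of those packages.

```javascript
// Added example (not part of the issue thread, nor code from web3-provider-engine or cross-fetch):
// walk a lockfileVersion 2/3 package-lock.json, list every dependency path that reaches
// node-fetch, and flag versions inside the CVE-2020-15168 affected range quoted in the
// report (<2.6.1, or >=3.0.0-beta.1 <3.0.0-beta.9).
// Both lockfiles below are constructed samples; the "dependencies" specs are assumptions.

const lockBefore = {
  name: "web3-provider-engine",
  version: "16.0.3",
  lockfileVersion: 2,
  packages: {
    "": { name: "web3-provider-engine", version: "16.0.3", dependencies: { "cross-fetch": "^2.2.3" } },
    "node_modules/cross-fetch": { version: "2.2.3", dependencies: { "node-fetch": "2.1.2" } },
    "node_modules/node-fetch": { version: "2.1.2" },
  },
};

const lockAfter = { // same project after the lockfile was regenerated (constructed)
  name: "web3-provider-engine",
  version: "16.0.3",
  lockfileVersion: 2,
  packages: {
    "": { name: "web3-provider-engine", version: "16.0.3", dependencies: { "cross-fetch": "^2.2.3" } },
    "node_modules/cross-fetch": { version: "2.2.5", dependencies: { "node-fetch": "2.6.1" } },
    "node_modules/node-fetch": { version: "2.6.1" },
  },
};

// Parse "x.y.z" or "x.y.z-beta.N"; anything else returns null (flag for manual review).
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-beta\.(\d+))?$/.exec(version);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], beta: m[4] === undefined ? null : +m[4] };
}

function compareCore(a, b) {
  return (a.major - b.major) || (a.minor - b.minor) || (a.patch - b.patch);
}

// True when the version falls in the affected range quoted in the report; null if unparseable.
function isVulnerableNodeFetch(version) {
  const v = parseVersion(version);
  if (v === null) return null;
  if (v.beta === null) return compareCore(v, { major: 2, minor: 6, patch: 1 }) < 0; // < 2.6.1
  // 3.0.0-beta.1 up to, but not including, 3.0.0-beta.9
  return compareCore(v, { major: 3, minor: 0, patch: 0 }) === 0 && v.beta >= 1 && v.beta < 9;
}

// Node-style resolution inside the lockfile: nearest node_modules/<name> walking up from fromPath.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // not installed (optional/peer dep, or an inconsistent lockfile)
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Every dependency chain from the root package to targetName, as "name@version" labels.
function findDependencyPaths(lock, targetName) {
  const packages = lock.packages;
  const results = [];
  const label = (path) => {
    const name = path === "" ? packages[""].name : path.slice(path.lastIndexOf("node_modules/") + 13);
    return `${name}@${packages[path].version}`;
  };
  function walk(path, chain, onStack) {
    for (const depName of Object.keys(packages[path].dependencies || {})) {
      const depPath = resolveDep(packages, path, depName);
      if (depPath === null || onStack.has(depPath)) continue; // skip missing deps and cycles
      const nextChain = chain.concat(label(depPath));
      if (depName === targetName) results.push({ chain: nextChain, version: packages[depPath].version });
      onStack.add(depPath);
      walk(depPath, nextChain, onStack);
      onStack.delete(depPath);
    }
  }
  walk("", [label("")], new Set([""]));
  return results;
}

// One row per path to node-fetch, with the verdict for the version that path resolves to.
function auditNodeFetch(lock) {
  return findDependencyPaths(lock, "node-fetch").map((r) => ({
    path: r.chain.join(" -> "),
    version: r.version,
    vulnerable: isVulnerableNodeFetch(r.version),
  }));
}

for (const [title, lock] of [["before lockfile update", lockBefore], ["after lockfile update", lockAfter]]) {
  console.log(title);
  for (const row of auditNodeFetch(lock)) console.log(`  ${row.vulnerable ? "VULNERABLE" : "ok"}  ${row.path}`);
}
```

Resolving through the `packages` map rather than trusting the hoisted top-level entry matters because a nested `node_modules/<parent>/node_modules/node-fetch` copy can keep an old version alive even after the top-level one is fixed; the walker reports each chain separately so such a case shows up as its own `VULNERABLE` row. Versions the parser does not recognise come back as `null` rather than `false`, so they are never silently treated as safe.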
Hi, sorry for the late reply and thanks for the report. This problem ended up being solved by removing cross-fetch altogether. The latest version includes that change. Hope this addresses your concern!