Bump node-fetch and @stoplight/spectral

[dependabot[bot]]

Bumps node-fetch to 2.6.7 and updates ancestor dependency @stoplight/spectral. These dependencies need to be updated together.

Updates node-fetch from 2.6.1 to 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
• 18193c5 fix v2.6.3 that did not sending query params (#1301)
• ace7536 fix: properly encode url with unicode characters (#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (#1274)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Updates @stoplight/spectral from 5.9.2 to 6.5.0

Release notes

Sourced from @​stoplight/spectral's releases.

v6.5.0

What's Changed

• fix(functions): handle percent encoded in unreferencedReusableObject by @​mkistler in stoplightio/spectral#2212
• feat(core): improve ruleset validation by @​P0lip in stoplightio/spectral#2026
• fix(ruleset-bundler): never externalize builtins by @​P0lip in stoplightio/spectral#2174

Full Changelog: https://github.com/stoplightio/spectral/compare/v6.4.2...v6.5.0

v6.4.2

What's Changed

• feat(rulesets): add rule to validate message's examples by @​magicmatatjahu in stoplightio/spectral#2126
• chore(core): bump minimatch from 3.0.4 to 3.1.2 by @​P0lip in stoplightio/spectral#2171
• fix(core): bump nimma from 0.2.1 to 0.2.2 by @​P0lip in stoplightio/spectral#2173
• feat(ruleset-bundler): add fullOutput option to bundleRuleset by @​P0lip in stoplightio/spectral#2194
• feat(rulesets): validate channel servers, server securities and operation securities by @​magicmatatjahu in stoplightio/spectral#2122
• fix(core): fix 'resolved vs unresolved' json path mapping by @​padamstx in stoplightio/spectral#2202

New Contributors

• @​padamstx made their first contribution in stoplightio/spectral#2202

Full Changelog: https://github.com/stoplightio/spectral/compare/v6.4.1...v6.4.2

v6.4.1

What's Changed

• fix(core): bump nimma from 0.2.0 to 0.2.1 by @​P0lip in stoplightio/spectral#2157
• feat(rulesets): add rules for validation of server variables and channel parameters by @​magicmatatjahu in stoplightio/spectral#2101
• feat(rulesets): add rules for validation uniqueness of tag names by @​magicmatatjahu in stoplightio/spectral#2104
• feat(rulesets): add rule to check uniqueness operationId of AsyncAPI operations by @​magicmatatjahu in stoplightio/spectral#2121
• fix(cli): do not show 'or higher' if severity equals error by @​P0lip in stoplightio/spectral#2172

New Contributors

• @​ssbarnea made their first contribution in stoplightio/spectral#2168

Full Changelog: https://github.com/stoplightio/spectral/compare/v6.4.0...v6.4.1

v6.4.0

What's Changed

• fix(functions): reset RegExp.lastIndex to zero when using cached RegExp objects by @​pavelkornev in stoplightio/spectral#2079
• fix(ruleset-migrator): validate aliases correctly by @​P0lip in stoplightio/spectral#2085
• fix(core): bump nimma from 0.1.8 to 0.2.0 by @​P0lip in stoplightio/spectral#2088
• feat(rulesets): add unused components server rule by @​jonaslagoni in stoplightio/spectral#2097
• feat(rulesets): support AsyncAPI 2.4 by @​jonaslagoni in https://github.com/stoplightio/spectral/commit/7364b2dd602f4f2a9367d8a8653b621b9fef4326
• feat(core): support JSON ruleset validation by @​P0lip in stoplightio/spectral#2062
• docs(repo): explain $refs caveat with overrides by @​P0lip in stoplightio/spectral#2127
• fix(core): redeclared rules should always be re-enabled by @​P0lip in stoplightio/spectral#2138
• chore(core): improve ruleset typings by @​P0lip in stoplightio/spectral#2132
• feat(cli): sort linting results alphabetically by @​P0lip in stoplightio/spectral#2147

New Contributors

... (truncated)

Commits

• 739140f chore(release): 6.5.0 [skip ci]
• fb1bbe6 fix(ruleset-bundler): never externalize builtins (#2174)
• 8315162 feat(core): improve validation (#2026)
• bb732ae chore(release): 1.11.1 [skip ci]
• ea26e8a chore(release): 1.6.2 [skip ci]
• d16b5a6 fix(functions): handle percent encoded in unreferencedReusableObject(#2212)
• ca6b0c0 chore(release): 1.12.4 [skip ci]
• a5a4fd3 chore(release): 6.4.2 [skip ci]
• 157ec59 fix(core): fix 'resolved vs unresolved' json path mapping (#2202)
• 15d3c69 docs(repo): update custom ruleset with multiple thens example (#2208)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jmlue42/spectral-jsonapi-ruleset/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.