Bump node-fetch and puppeteer

[dependabot[bot]]

Bumps node-fetch to 2.6.7 and updates ancestor dependency puppeteer. These dependencies need to be updated together.

Updates node-fetch from 2.6.1 to 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
• 18193c5 fix v2.6.3 that did not sending query params (#1301)
• ace7536 fix: properly encode url with unicode characters (#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (#1274)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Updates puppeteer from 10.4.0 to 19.1.2

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v19.1.1

19.1.1 (2022-10-24)

Bug Fixes

• update documentation on configuring puppeteer (#9150) (f07ad2c)

puppeteer-core: v19.1.0

19.1.0 (2022-10-21)

Features

• expose browser context id (#9134) (122778a), closes #9132
• use configuration files (#9140) (ec20174), closes #9128

Bug Fixes

• update BrowserFetcher deprecation message (#9141) (efcbc97)

puppeteer-core: v19.0.0

19.0.0 (2022-10-14)

⚠ BREAKING CHANGES

• use ~/.cache/puppeteer for browser downloads (#9095)
• deprecate createBrowserFetcher in favor of BrowserFetcher (#9079)
• refactor custom query handler API (#9078)
• remove puppeteer.devices in favor of KnownDevices (#9075)
• deprecate indirect network condition imports (#9074)
• deprecate indirect error imports (#9072)

Features

• add ability to collect JS code coverage at the function level (#9027) (a032583)
• deprecate createBrowserFetcher in favor of BrowserFetcher (#9079) (7294dfe), closes #8999
• use ~/.cache/puppeteer for browser downloads (#9095) (3df375b)

Bug Fixes

• deprecate indirect error imports (#9072) (9f4f43a)
• deprecate indirect network condition imports (#9074) (41d0122)
• refactor custom query handler API (#9078) (1847704)
• remove puppeteer.devices in favor of KnownDevices (#9075) (87c08fd)
• remove viewport conditions in waitForSelector (#9087) (acbc599)

... (truncated)

Commits

• fe4fcf6 chore: release main (#9161)
• 2245d7d fix: skip browser download (#9160)
• 088c18c chore: update changelog
• b020c57 chore: release main (#9156)
• 95d77c6 chore: revert "chore: release main" (#9155)
• 10b59a9 chore: release main (#9152)
• f07ad2c fix: update documentation on configuring puppeteer (#9150)
• 4bf338b chore: release main (#9143)
• ec20174 feat: use configuration files (#9140)
• efcbc97 fix: update BrowserFetcher deprecation message (#9141)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for puppeteer since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/webpack-contrib/webpack-bundle-analyzer/network/alerts).

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.