Bump node-fetch to 2.6.1

[wendorf]

node-fetch < 2.6.1 has a security vulnerability
(GHSA-w7rc-rwvf-8q5r)

This is a major version bump for strapi-plugin-upload (from 1.7.3), but
it does not look like strapi-plugin-upload is relying on any of the
functionality that has broken from 1.x to 2.x

This covers the same change in #7975, but for more than strapi-generate-new.

This also covers three dependabot PRs that were closed without merging:

• Bump node-fetch from 1.7.3 to 2.6.1 in /packages/strapi-generate-new #7857
• Bump node-fetch from 2.6.0 to 2.6.1 in /packages/strapi #7837
• Bump node-fetch from 1.7.3 to 2.6.1 #7757

Description of what you did:

Bumped node-fetch in the packages that use it, to address a security vulnerability.

• strapi-generate-new: 1.7.3 -> 2.6.1
• strapi-plugin-upload: 2.6.0 -> 2.6.1
• strapi: 2.6.0 -> 2.6.1

[alexandrebodin]

Hello as told in the previous PRs the vulnerable code is not used but I have been able to test so merging ;)

[wendorf]

@alexandrebodin Thanks for moving forward with it! Even if it's not used, it causes security vulnerability scanners to flag it, so this will reduce headaches for people who see the false positive :)

[wendorf]

Whoops, sorry to clear the review, @alexandrebodin. I just force-pushed with a sign-off in the commit to make the DCO check pass.

[codecov]

Codecov Report

Merging #8191 into master will decrease coverage by 0.01%.
The diff coverage is 14.28%.

@@            Coverage Diff             @@
##           master    #8191      +/-   ##
==========================================
- Coverage   32.96%   32.95%   -0.02%     
==========================================
  Files        1197     1197              
  Lines       13020    13027       +7     
  Branches     1286     1286              
==========================================
+ Hits         4292     4293       +1     
- Misses       7885     7891       +6     
  Partials      843      843              

Flag	Coverage Δ
#front	25.05% <14.28%> (-0.01%)	⬇️
#unit	53.88% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...in-content-manager/admin/src/translations/index.js	0.00% <0.00%> (ø)
...ntent-type-builder/admin/src/translations/index.js	0.00% <0.00%> (ø)
...ugin-documentation/admin/src/translations/index.js	0.00% <0.00%> (ø)
...trapi-plugin-email/admin/src/translations/index.js	0.00% <0.00%> (ø)
...rapi-plugin-upload/admin/src/translations/index.js	0.00% <0.00%> (ø)
...-users-permissions/admin/src/translations/index.js	0.00% <0.00%> (ø)
...kages/strapi-admin/admin/src/translations/index.js	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 645c0b8...6788a2c. Read the comment docs.

[alexandrebodin]

Will wait for the tests to pass and merge ;)

[wendorf]

@alexandrebodin Since this PR has no code changes, I don't think the code coverage failures are actionable. Is there anything I should do here?

[alexandrebodin]

Thank you for your contribution 👍