build(deps-dev): bump node-fetch from 2.6.4 to 3.0.0

[dependabot]

Bumps node-fetch from 2.6.4 to 3.0.0.

Release notes

Sourced from node-fetch's releases.

v3.0.0

version 3 is going out of a long beta period and switches to stable

One major change is that it's now a ESM only package See changelog for more information about all the changes.

v3.0.0-beta.10

This package is now a ESM only package. To import fetch you either have to use

import fetch from 'node-fetch';
// Or if you are still using commonjs or want to lazy
// import fetch then the async import works fine
import('node-fetch')

• res.blob().stream() now returns a whatwg ReadableStream instad

See CHANGELOG for details.

v3.0.0-beta.9

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

v3.0.0-beta.8

See CHANGELOG for details.

v3.0.0-beta.7

See CHANGELOG for details.

v3.0.0-beta.6

See CHANGELOG for details.

v3.0.0-beta.6-exportfix

See CHANGELOG for details.

v3.0.0-beta.5

See CHANGELOG for details.

v3.0.0-beta.1

See CHANGELOG for details.

Changelog

Sourced from node-fetch's changelog.

v3.0.0

• other: Marking v3 as stable
• docs: Add example for loading ESM from CommonJS (#1236)

v3.0.0-beta.10

• Breaking: minimum supported Node.js version is now 12.20.
• Breaking: node-fetch is now a pure ESM module.
• Other: update readme to inform users about ESM.
• Other: update dependencies.

v3.0.0-beta.9

This is an important security release. It is strongly recommended to update as soon as possible.

• Fix: honor the size option after following a redirect.

v3.0.0-beta.8

• Enhance: remove string-to-arraybuffer (#882).
• Enhance: remove parted dependency (#883).
• Fix: export package.json (#908).
• Fix: minimum Node.js version (#874).
• Other: fix typo.

v3.0.0-beta.7

• Breaking: minimum supported Node.js version is now 10.17.
• Enhance: update fetch-blob.
• Enhance: add insecureHTTPParser Parameter (#856).
• Enhance: drop custom Promises and refactor to async functions (#845).
• Enhance: polyfill http.validateHeaderName and http.validateHeaderValue (#843).
• Enhance: should check body source on redirect (#866).
• Enhance: remove code duplication in custom errors (#842).
• Enhance: implement form-data encoding (#603).
• Fix: improve TypeScript types (#841).
• Fix: data URI handling and drop all URL analysis RegExps (#853).
• Fix: headers import statement (#859).
• Fix: correct Node versions were not installed on test matrix (#846).
• Other: test CommonJS build artifact (#838).
• Other: create Code of Conduct (#849).
• Other: readme update.

v3.0.0-beta.6-exportfix

• Fix: fetch function export & declaration, which broke the previous release.

v3.0.0-beta.6

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[redonkulus]

@pablopalacios interesting change to being esm only package

[pablopalacios]

hmmm, this is quite odd, isn't? Or is it a trend that I haven't seen yet?

[pablopalacios]

Do you think it's worth to migrate the tests to mjs? Otherwise I would keep it on v2. They say that they will keep fixing bugs there. Since we only use it for testing, it should also be fine, no?

[redonkulus]

Its creating a lot of contention in the community, there are a ton of issues in node-fetch for this very thing, many people not happy. I would stick to v2 until we figure out what the package maintainers come up with. Hopefully a cjs export for older node versions for some time.

[jimmywarting]

look through this issue if there is anything that can help to upgrade to v3 node-fetch/node-fetch#1279

[pablopalacios]

Thanks @jimmywarting for the link :)

I gave it a try today, but we need fetch-mock to migrate first (wheresrhys/fetch-mock#620). But it seems its not on their priority list right now.

[dependabot]

Superseded by #319.