Bump node-fetch and zipkin-transport-http in /dashboard

[dependabot]

Bumps node-fetch to 2.6.9 and updates ancestor dependency zipkin-transport-http. These dependencies need to be updated together.

Updates node-fetch from 1.7.3 to 2.6.9

Release notes

Sourced from node-fetch's releases.

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

Bug Fixes

• headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599
• premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 node-fetch/node-fetch#1064
• prevent hoisting of the undefined global variable in browser.js (#1534) (8bb6e31)

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

v2.6.1

This is an important security release. It is strongly recommended to update as soon as possible.

See CHANGELOG for details.

v2.6.0

See CHANGELOG.

v2.5.0

See CHANGELOG.

v2.4.1

... (truncated)

Commits

• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• ce37bcd ci(semantic-release): config
• 1768eaa ci(release): initial version
• 8bb6e31 fix: prevent hoisting of the undefined global variable in browser.js (#1534)
• e218f8d Add missing changelog entries. (#1613)
• fddad0e fix(headers): don't forward secure headers on protocol change (#1605)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates zipkin-transport-http from 0.14.2 to 0.22.0

Release notes

Sourced from zipkin-transport-http's releases.

Version 0.22.0

This release includes in #476, a long requested feature (see #201, #135, #124, #175 and #106) but we did not want to release it until we got users involved in the testing of the feature with real use cases. Thanks @​kurtharriger for taking care of the unit testing part and @​mikhailrojo for actually testing the feature in production code.

We also include some fixes:

• fix(http-reporter): add fallback for fetch (#497) by @​rafael-anachoreta
• chore: eps correctness (#505) by @​mikhailrojo

Version 0.21.0

This version mainly adds support for AWS SQS transport, thanks to @​asanluis (for the code, iterations and spirit) but also drops support to node8 on builds as EOL.

Versión 0.20.0

• Adds support for configurable fetch API (#485) - thanks to @​petermetz
• Fix readme for empty module (#489) - thanks to @​chrunchyjesus

Version 0.19.1

#439 Added agent option to http transport - thanks to @​RAWeber #449 Fixes the express instrumentation by using right hooks in the response reported by @​jeffthompson1971 in openzipkin/zipkin-js#417

Version 0.19.0

This version includes the brand new zipkin-instrumentation-koa package by @​shumsky, some gaps filled in the Typescript interface by @​Igor-lkm (openzipkin/zipkin-js#426 and openzipkin/zipkin-js#428) and a complete refactor of the test suite for instrumentations.

Version 0.18.6

This adds the ability to manually flush spans from the BatchRecorder and fixes a couple bugs, most notably Error: Must be valid TraceId instance. Thanks for all the feedback and help making things better!

• @​jcchavezs added BatchRecorder.flush() for manual control of span reporting (ex in lambda) #362
• Fixes Error: Must be valid TraceId instance relating to transpilation #422
• Fixes wrong Span.kind on ServerRecv and dropped ClientAddr annotations #418

Version 0.18.4

Major improvements in span reporting and debugging support. Notably the issue described in openzipkin/zipkin-js#365 was addressed in openzipkin/zipkin-js#383 with tones of tests in openzipkin/zipkin-js#378, openzipkin/zipkin-js#376, openzipkin/zipkin-js#372, openzipkin/zipkin-js#369, openzipkin/zipkin-js#380 and openzipkin/zipkin-js#385. All these great work is thanks to @​adriancole

Version 0.18.0

• #352[instrumentation-grpc-client] Fixes trace identifiers not being not correctly cleaned up after setting them in the grpc interceptor. Thanks to @​high-stakes
• #355[instrumentation-request] Fixes mutation in the context in httpclient.recordResponse. Thanks to @​chris-smith-zocdoc
• #357[instrumentation-kafkajs] Adds instrumentation for kafkajs. Thanks to @​high-stakes

Version 0.17.1

This release includes some fixes and upgrades. Notably we include a GOT http instrumentation.

• #157 Adds GOT instrumentation, thanks to @​juhovh
• #327 httpServer instrumentation should let sampler to make decision if missing sampled header, thanks to @​kenspirit
• #185 hapi 17 support, thanks to @​akiellor and @​PaulinaStypinska

We also dropped support for node 6 as it is becoming unsupported this month.

Version 0.16.2

This patch version includes a fix for #330 thanks to @​ghermeto.

Version 0.16.1

... (truncated)

Commits

• bc590b2 v0.22.0
• edbed6b Deps correctness (#505)
• 4d3e9a9 feat: adds support for cls-hooked. (#476)
• 4712d10 docs: improves docs for HTTP Logger. (#500)
• 2396df3 feat(http): add fallback for fetch (#497)
• 324702a v0.21.0
• f939ec3 feat: adds aws sqs transport (#492)
• b96bf01 chore: remove builds for Node 8. (#494)
• 2aca37b v0.20.0
• edc94aa fix readme (#489)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.