Update package-lock.json to fix security vulnerability

[giordano]

Before:

% npm audit 
# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
  mocha  8.2.0 - 9.1.4
  Depends on vulnerable versions of nanoid
  node_modules/mocha

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch

3 vulnerabilities (2 moderate, 1 high)

To address all issues, run:
  npm audit fix

After:

% npm audit     
found 0 vulnerabilities

Close #92.

[ageorgou]

Should we also update the version of node-fetch in package.json? (and maybe of mocha?)
I wonder why the tests in the automated PR #92 failed, unless it was simply a random timeout.

[giordano]

Should we also update the version of node-fetch in package.json? (and maybe of mocha?)

Yes, good catch.

I wonder why the tests in the automated PR #92 failed, unless it was simply a random timeout.

That changed the version of node-fetch from 2.6.5 to 3.1.1, maybe we have to change something else as well. Test were failing in node-fetch, log:

Error [ERR_REQUIRE_ESM]: Must use import to load ES Module: /home/vsts/work/1/s/node_modules/node-fetch/src/index.js
require() of ES modules is not supported.
require() of /home/vsts/work/1/s/node_modules/node-fetch/src/index.js from /home/vsts/work/1/s/out/client/SOAP_client.js is an ES module file as it is a .js file whose nearest parent package.json contains "type": "module" which defines all .js files in that package scope as ES modules.
Instead rename index.js to end in .cjs, change the requiring code to use import(), or remove "type": "module" from /home/vsts/work/1/s/node_modules/node-fetch/package.json.