chore(deps): bump node-fetch in /functions from ^2.6.7 to ^2.6.13

2.6.7 has a known high-severity vulnerability: CVE-2022-0235
(exposure of sensitive information to an unauthorized actor via
redirect to a non-HTTP URL such as file://, which can leak sensitive
host data). Fixed in 2.6.8+. Staying on v2 because v3 is ESM-only
and the functions package uses CommonJS.

Author: ZLeventer

functions/package.json

@@ -18,7 +18,7 @@
     "firebase-admin": "^8.10.0",
     "firebase-functions": "^3.13.2",
     "firebase-tools": "^9.10.0",
-    "node-fetch": "^2.6.7"
+    "node-fetch": "^2.6.13"
   },
   "devDependencies": {
     "@types/cors": "^2.8.7",