Bump tough-cookie and less in /demo/web

[dependabot[bot]]

Removes tough-cookie. It's no longer used after updating ancestor dependency less. These dependencies need to be updated together.

Removes tough-cookie

Updates less from 3.8.1 to 3.13.1

Changelog

Sourced from less's changelog.

v3.13.1 (2020-12-18)

• #3575 Fixes #3574 (#3575) (@​matthew-dean)

v3.13.0 (2020-12-12)

• #3572 Fixes #3434 - memory / runtime improvements (#3572) (@​matthew-dean)
• #3550 Examples contain more valid CSS, to test with a new parser (#3550) (@​matthew-dean)
• #3546 Bug fixes - fixes #3446 #3368 (#3546) (@​matthew-dean)

v3.12.2 (2020-07-16)

• #3545 Release 3.12.2 (#3545) (@​matthew-dean)

v3.12.1 (2020-07-16)

• #3544 Fixes #3533 (#3544) (@​matthew-dean)
• #3543 Fixes #3541 (#3543) (@​matthew-dean)

v3.12.0 (2020-07-13)

• #3540 v3.12.0-RC.2 (#3540) (@​matthew-dean)
• #3532 Fixes #3371 Allow conditional evaluation of function args (#3532) (@​matthew-dean)
• #3531 Remove lib folder from git (#3531) (@​matthew-dean)
• #3530 Move changelog to root (#3530) (@​matthew-dean)
• #3529 Duplicate dist files in root for older links (#3529) (@​matthew-dean)
• #3525 Test-data module (#3525) (@​matthew-dean)
• #3523 Fixes #3504 / organizes tests (#3523) (@​matthew-dean)
• #3501 Restore nuked scripts (?), replace dependencies (#3501) (#3522) (@​matthew-dean)
• #3521 Lerna refactor / TS compiling w/o bundling (#3521) (@​matthew-dean)
• #3517 Resolve #3398 Add flag to disable sourcemap url annotation (#3517) (@​hirosato)
• #3294 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506) (@​Justineo)

v3.11.3 (2020-06-05)

• #3509 Fixes #3508 (#3509) (@​matthew-dean)

v3.11.2 (2020-06-01)

• #3498 Remove tree caching in import manager (#3498) (@​matthew-dean)
• #3482 issue#3481 ignore missing debugInfo (#3482) (@​5UtJAjiRWj1q)
• #3494 Additional check to avoid evaluating an expression if it is a comment (#3494) (@​rgroothuijsen)
• #3490 fix: Use make-dir instead of mkdirp (#3490) (@​eps1lon)
• #3493 Properly exit calc mode after use (#3493) (@​rgroothuijsen)
• #3477 Convert to auto-changelog (#3477) (@​matthew-dean)

v3.11.1 (2020-02-11)

• #3475 Fixes #3469 - Include tslib dependency (#3475) (@​matthew-dean)

v3.11.0 (2020-02-09)

• #3468 3.11.0 (#3468) (@​matthew-dean)
• #3453 Import file with dots in file name (#3453) (@​life777)
• #3460 - Fixed replacer when visitor returns array of nodes (#3460) (@​lmartorella)
• #3454 Added financial contributors to the README (#3454) (@​monkeywithacupcake)
• #3431 Fixes #3430: Removed unnecessary 'important' from NamespaceValue. (#3431) (@​batchunag)
• #3426 Fixes #3405 (#3426) (@​matthew-dean)

... (truncated)

Commits

• 283b1b4 Fixes #3574 (#3575)
• 5423802 Update CHANGELOG.md
• 257efdd Fixes #3434 - memory / runtime improvements (#3572)
• 0e26859 Examples contain more valid CSS, to test with a new parser (#3550)
• 76132ef Bug fixes - fixes #3446 #3368 (#3546)
• ef4baa5 Release 3.12.2 (#3545)
• b93a085 Fixes #3533 (#3544)
• e188f44 Fixes #3541 (#3543)
• 2870163 Update changelog
• e4f7551 v3.12.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.