
fix: upgrade npm dependency to v8 #442

Merged
merged 5 commits into from
Jan 17, 2022

Conversation

AlexanderBabel
Contributor

@AlexanderBabel AlexanderBabel commented Dec 13, 2021

This PR fixes the GHSA-896r-f27r-55mw and GHSA-93q8-gq69-wqmw vulnerabilities by updating npm to v8.

The npm v8.0.0 package drops support for Node 10 and 11. These versions are no longer supported by this project. Therefore, this is not a breaking change.

# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/npm/node_modules/string-width/node_modules/strip-ansi
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/npm/node_modules/string-width

json-schema  <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/npm/node_modules/jsprim

Additionally, I updated the engine section in the package.json. #408 fails because of a mismatch. I applied the recommendation from the workflow run https://github.com/semantic-release/npm/runs/4502004243.
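As an added illustration (not code from this PR or from the semantic-release project): a small Node script that takes the advisory ranges exactly as the audit report above prints them and flags lock-file entries still inside those ranges, so a reviewer can confirm after the upgrade that the nested ansi-regex, json-schema and jsprim installs are gone. The lock-file fragment is constructed for the example; the script assumes a lockfileVersion 2 or 3 `packages` map.

```javascript
// Advisory ranges exactly as the audit report above prints them.
const ADVISORIES = [
  { id: "GHSA-93q8-gq69-wqmw", name: "ansi-regex", range: ">2.1.1 <5.0.1" },
  { id: "GHSA-896r-f27r-55mw", name: "json-schema", range: "<0.4.0" },
  { id: "GHSA-896r-f27r-55mw", name: "jsprim", range: "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1" },
];
// Constructed lock-file fragment (lockfileVersion 2/3 "packages" map), not the project's own.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/npm/node_modules/json-schema": { version: "0.2.3" },
  "node_modules/npm/node_modules/jsprim": { version: "1.4.1" },
  "node_modules/npm/node_modules/string-width/node_modules/ansi-regex": { version: "3.0.0" },
  "node_modules/ansi-regex": { version: "5.0.1" }, // already at the patched version
} };
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}
// Lexicographic major.minor.patch comparison: negative, zero or positive.
const compare = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
// Range syntax used by npm audit: comparator sets (">2.1.1 <5.0.1"),
// hyphen ranges ("4.0.0 - 5.2.0") and alternatives joined by "||".
function parseRange(text) {
  return text.split("||").map((alt) => {
    const hy = /^\s*(\S+)\s+-\s+(\S+)\s*$/.exec(alt);
    if (hy) return [[">=", parseVersion(hy[1])], ["<=", parseVersion(hy[2])]];
    return alt.trim().split(/\s+/).map((c) => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(c);
      return [m[1] || "=", parseVersion(m[2])];
    });
  });
}
const OPS = { ">": (d) => d > 0, ">=": (d) => d >= 0, "<": (d) => d < 0, "<=": (d) => d <= 0, "=": (d) => d === 0 };
function satisfies(version, rangeText) {
  const v = parseVersion(version);
  return parseRange(rangeText).some((alt) => alt.every(([op, b]) => OPS[op](compare(v, b))));
}
// Report every install path whose version falls inside a vulnerable range.
function findVulnerable(lock, advisories = ADVISORIES) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path || !meta.version) continue; // "" is the root project; links carry no version
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    for (const adv of advisories) {
      if (adv.name === name && satisfies(meta.version, adv.range)) hits.push({ path, version: meta.version, advisory: adv.id });
    }
  }
  return hits;
}
```

Run it against the real package-lock.json by replacing SAMPLE_LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; an empty result means no install is left inside the advisory ranges.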

@travi
Member

travi commented Dec 13, 2021

I updated the engine section in the package.json. #408 fails because of a mismatch.

it looks like v8 of npm dropped support for node v15, so the need for this makes sense.

The npm v8.0.0 package drops support for Node 10 and 11. These versions are no longer supported by this project. Therefore, this is not a breaking change.

since v15 is also dropped, it is technically a breaking change

we are currently working through converting the project to ESM, which would also be a breaking change. along with that, we plan to raise the minimum node version to v16, which would support this npm version more naturally.

i tried to look at the npm releases to see if these fixes are available in a v7 release, but it doesn't look promising from a brief look. could you confirm if this is resolvable without the v8 upgrade, if you haven't already?

@AlexanderBabel
Contributor Author

AlexanderBabel commented Dec 13, 2021

There is an issue about this in the npm/cli repo: npm/cli#3785

But it doesn't look like they want to backport their changes to older versions.

@travi travi changed the base branch from master to beta January 17, 2022 16:00
@travi
Member

travi commented Jan 17, 2022

thanks a lot for the investigation and contribution, @AlexanderBabel!

@travi travi changed the title [Security] Fix GHSA-93q8-gq69-wqmw and GHSA-896r-f27r-55mw fix: upgrade npm dependency to v8 Jan 17, 2022
@travi travi merged commit a12d6e5 into semantic-release:beta Jan 17, 2022
@github-actions

🎉 This PR is included in version 9.0.0-beta.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

🎉 This PR is included in version 9.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
