bpmn-io / bpmn-to-image

Convert BPMN 2.0 diagrams to PDF documents or PNG files.

deps: update dependencies #26

Closed barmac closed 2 years ago

barmac commented 2 years ago

My assessment

  1. npm audit fix fixed most of the reported vulnerabilities.
  2. I decided to upgrade mocha as it's just a dev dependency and it worked afterwards.
  3. The only dependency which was reported as vulnerable was trim-newlines via meow.

I checked in what context the vulnerable dependency is used and it occurred it's just a single line: https://github.com/sindresorhus/meow/blob/e1f0e24840634ae58664a70ee9e19ab80166b3f3/index.js#L166. What is more, it refers to an option in meow configuration which we don't use (options.help). So I believe we are not vulnerable even though npm audit reports the dependency.

Why can't we upgrade meow to a version without npm audit report? Since version 10, meow is a pure ESM package. This means that if we want to upgrade, we also need to either move to ESM (=> drop Node < 12 support) or rewrite the cli.js to use dynamic import. More on that at https://github.com/sindresorhus/meow/releases/tag/v10.0.0 and https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c.

https://github.com/bpmn-io/bpmn-to-image/issues/25#issuecomment-963048420

Closes #25
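As an added example (not code from this PR or from the bpmn-to-image project), the triage done by hand above can be scripted: walk each `npm audit --json` finding up its `effects` edges to the direct dependency that pulls it in, which is the place where the actual code path (here meow's `options.help`) has to be checked. The report shape assumed is npm 7+'s `auditReportVersion: 2` JSON; the sample report is constructed for this example.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Not real audit output; it mirrors the situation described in the PR comment.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    'trim-newlines': {
      name: 'trim-newlines', severity: 'high', isDirect: false,
      via: [{ title: 'constructed sample advisory', range: '<3.0.1' }],
      effects: ['meow'], range: '<3.0.1', fixAvailable: true,
    },
    meow: {
      name: 'meow', severity: 'high', isDirect: true,
      via: ['trim-newlines'], effects: [], range: '3.4.0 - 5.0.0', fixAvailable: true,
    },
  },
};

// Follow `effects` edges upward until a package the project depends on directly
// is reached. Returns root-first chains, e.g. ['meow', 'trim-newlines'].
// `below` carries the chain built so far and doubles as the cycle guard.
function chainsToDirect(audit, name, below = []) {
  const v = audit.vulnerabilities[name];
  if (!v || below.includes(name)) return [];            // unknown node or cycle
  if (v.isDirect || v.effects.length === 0) return [[name, ...below]];
  return v.effects.flatMap(parent => chainsToDirect(audit, parent, [name, ...below]));
}

// A finding owns the vulnerable code only if its `via` holds an advisory object;
// entries whose `via` is just package names are affected transitively and are
// dropped, so reviewers look at the one place where the code path matters.
function triage(audit) {
  return Object.values(audit.vulnerabilities)
    .filter(v => v.via.some(entry => typeof entry === 'object'))
    .map(v => ({
      package: v.name,
      severity: v.severity,
      direct: v.isDirect,
      chains: chainsToDirect(audit, v.name).map(chain => chain.join(' > ')),
    }));
}

console.log(JSON.stringify(triage(sampleAudit), null, 2));
```

For a real project, replace `sampleAudit` with `JSON.parse` of the `npm audit --json` output; each chain then names the direct dependency whose use of the flagged package needs manual review.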

nikku commented 2 years ago

Thanks for your thorough analysis.