launchdarkly / node-server-sdk

LaunchDarkly Server-side SDK for Node

Update: bump eventsource package for security fix #217

Closed m-schrepel closed 3 years ago

m-schrepel commented 3 years ago

Requirements

Related issues

https://github.com/launchdarkly/js-eventsource/pull/11

209

Describe the solution you've provided

The newly published launchdarkly-eventsource package bumps the version of original to 1.0.1, where the url-parse issue is fixed. This would take in 1.4.1 of eventsource instead of 1.4.0, which will resolve the url-parse issue at the top level.

Additional context

https://github.com/advisories/GHSA-9m6j-fcg5-2442

eli-darkly commented 3 years ago

Currently package-lock.json is in source control, which probably doesn't make sense for a library project, so I think we will probably remove it at some point, but since it's in there now it does need to be committed for any dependency change. But we were going to do that anyway as a follow-up to the eventsource release, so you don't need to submit a PR. Sorry, we were just moving slowly.
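
The thread above turns on which version of `original` a committed package-lock.json actually resolves. As an added example (not part of the thread or the SDK's own code), this Node script lists every resolved copy of a package in a parsed lockfile and flags any below a required version; the sample lockfile, the `example-dep` package and its nested 1.0.0 copy are constructed for illustration.

```javascript
// Added example (not LaunchDarkly code): list every resolved copy of a package
// in a parsed package-lock.json and flag copies older than a required version.
function findResolved(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by "node_modules/a/node_modules/b".
    for (const [key, entry] of Object.entries(lock.packages)) {
      const chain = key.split('node_modules/').slice(1).map(s => s.replace(/\/$/, ''));
      if (chain[chain.length - 1] === name) {
        hits.push({ path: chain.join(' > '), version: entry.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ path: here.join(' > '), version: entry.version });
      walk(entry.dependencies, here); // copies that could not be hoisted
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Assumption: plain x.y.z versions only (no pre-release tags).
function compareVersions(a, b) {
  const [x, y] = [a, b].map(v => v.split('.').map(Number));
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

function olderThan(lock, name, minVersion) {
  return findResolved(lock, name).filter(h => compareVersions(h.version, minVersion) < 0);
}

// Constructed sample lockfile; "example-dep" and its nested 1.0.0 are hypothetical.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'launchdarkly-eventsource': { version: '1.4.1' },
    original: { version: '1.0.1' },
    'example-dep': { version: '2.0.0', dependencies: { original: { version: '1.0.0' } } },
  },
};

console.log(olderThan(sampleLock, 'original', '1.0.1'));
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` as `lock`; a non-empty result means a nested copy is still pinned below the version you expect.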