Fix #11 - Addresses critical vulnerabilities in dependencies

This PR updates the package.json file so that dependencies that in turn have outdated dependencies are upgraded to address critical vulnerabilities.

Three packages are proposed to be updated to their latest versions, and one dependency override is used since the package at issue has not been updated in 8 years.

Packages upgraded:

"conventional-changelog-writer": "^5.0.1"
"git-url-parse": "^14.0.0",
"jimp": "^0.22.12",

Override implemented:

"minimist": "^1.2.6" - Snyk scan - to note: yarn audit flags this dependency (versions older) as having a critical vulnerability - snyk doesn't mark it as high

Breaking changes

Breaking changes are prevalent in the updated packages.

jimp

Release notes

Switched to fetch in v0.22.0
As of v0.10.4, core-js is no longer included with jimp or its extensions.

git-url-parse

Release notes

There are potentially breaking changes due to the update to parse-url@^8.0.0
VSTS SSH URLs may give unexpected results
For shorthand urls use the href property instead of pathname.
The user and password properties are now parsed separately.

conventional-changelog-writer

Release notes

From what I understand Version 5.0.1 addresses the vulnerability and has the following breaking changes:

nested object properties no longer supported when sorting

Version 7.0.1 introduces the following breaking changes:

Node >= 18 is required
Packages are ESM only now - https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c

Out of scope

Vulnerabilities marked low, moderate and high were ignored for now - just focused on the critical ones.

Yarn audit results

After these updates and running a yarn install these are the yarn audit results:

6 vulnerabilities found - Packages audited: 503
Severity: 1 Low | 4 Moderate | 1 High

patrickhulce / hulk