Upgrade the dependency read-pkg-up to ^8.0.0 in order to transitively update the dependencies read-pkg, normalize-package-data, and semver. In particular:

- read-pkg got bumped from ^5.2.0 to ^6.0.0
- normalize-package-data got bumped from ^2.5.0 to ^3.0.2
- semver got bumped from 2 || 3 || 4 || 5 to ^7.3.4

which means this package will be compatible with a version of semver not vulnerable to CVE-2022-25883 going forward. Note that this does not update semver in the lockfile for this project; currently semver is at:

I upgrade to 8.0.0 instead of the latest (9.0.1 at the time of writing) because it requires at least Node.js v14.13.1, which is higher than this package and so incompatible.
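Because the PR above changes manifest ranges but not the lockfile, a reviewer wants to know which semver releases are actually resolved, including nested copies. The following is an added example (not code from the PR or the project) that walks a package-lock.json "packages" map and flags copies below the patched release for their major line; the fix versions 5.7.2, 6.3.1 and 7.5.2 are taken from the CVE-2022-25883 advisory and the sample lockfile is constructed.

```javascript
// Patched releases per major line for CVE-2022-25883 (assumed from the advisory).
// Majors below 5 never received a fix; majors above 7 postdate it.
const FIXED = { 5: [5, 7, 2], 6: [6, 3, 1], 7: [7, 5, 2] };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when `version` is a semver release not affected by CVE-2022-25883.
function isPatched(version) {
  const v = parseVersion(version);
  const fixed = FIXED[v[0]];
  if (!fixed) return v[0] > 7;
  return compareVersions(v, fixed) >= 0;
}

// Walks a lockfileVersion 2/3 "packages" map and returns one record per
// installed copy of semver, hoisted or nested, with its patch status.
function auditLockfile(lock) {
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/semver' || path.endsWith('/node_modules/semver')) {
      results.push({ path, version: meta.version, patched: isPatched(meta.version) });
    }
  }
  return results;
}

// Constructed sample: an outdated hoisted semver next to a patched nested copy
// pulled in through read-pkg-up@8 -> normalize-package-data@3.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    'node_modules/semver': { version: '5.7.1' },
    'node_modules/read-pkg-up': { version: '8.0.0' },
    'node_modules/normalize-package-data': { version: '3.0.2' },
    'node_modules/normalize-package-data/node_modules/semver': { version: '7.5.4' },
  },
};

for (const r of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${r.path}: semver@${r.version} ${r.patched ? 'ok' : 'VULNERABLE (CVE-2022-25883)'}`);
}
```

Replace SAMPLE_LOCK with the parsed contents of the project's real package-lock.json to audit it; lockfileVersion 1 files use a nested "dependencies" tree instead and are not handled here.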
Closing this because read-pkg-up@v8's breaking change "This package is now pure ESM." means this upgrade can't (if I'm not mistaken) be done in a backwards compatible way.