chore: update package-lock.json

Quells warnings about vulnerable brace-expansion. Not sure
why dependabot couldn't do the update, but doing it manually
worked, so here we are.

Author: Trott