chore: upgrade deps with npm vulnerability

[Balvajs]

The @semantic-release/npm dependency reports vulnerability because it's dependent on npm.
With https://github.com/semantic-release/npm/releases/tag/v11.0.3 the vulnerability was removed, and it's also the last version before dropping support for Node v18.

Together with the upgrade of @semantic-release/npm the https://github.com/semantic-release/github/releases/tag/v9.2.6 can be safely upgraded because it's last version before dropping support for Node v18.

Closes #99

BREAKING CHANGE:
Drop support for Node v16 and v19. Supported Node versions are now ^18.17 or >=20.

[Balvajs]

@TheUnderScorer I don't know if you want to keep Node v18 support or not, I chose a less aggressive upgrade. However, if you are willing to drop support for v18, there is a newer version of both libraries:
https://github.com/semantic-release/github/releases
https://github.com/semantic-release/npm/releases

[TheUnderScorer]

Thanks for the PR @Balvajs. Pls rebase on the master branch so that the CI can run properly.

BTW. I'm not sure if this change won't break the plugin, since the @semantic-release/npm package became ESM only with this version, but let's see if the tests will pass ;)

[TheUnderScorer]

As I expected 😔.
Sadly, NX still doesn't support ESM executors (there is a ongoing PR for this), so until this is implemented I won't be able to merge it.

I will try to experiment with some workarounds, because It would be good to update semantic-release to latest version as well, but it will take some time.

[Balvajs]

@TheUnderScorer I will try to make it work, I am using pure ESM dependencies in executors in our company's NX monorepo and it works. It's using dynamic import syntax that's not nice, but it gets the job done and we can keep using the latest package versions:

	const execa = await (new Function('return import("execa")')() as Promise<
		typeof import('execa')
	>);

[corwestermaniddink]

@TheUnderScorer @Balvajs Could this merge please be fixed and take place?

[Balvajs]

@corwestermaniddink I wasn't able to make it work 😕 And we switched to https://github.com/jscutlery/semver, so I won't be digging into this anymore and close the PR.

[corwestermaniddink]

@corwestermaniddink I wasn't able to make it work 😕 And we switched to https://github.com/jscutlery/semver, so I won't be digging into this anymore and close the PR.

Please be-aware that you use "semantic-release" npm pkg in your package.json, they use an old version of "semver" npm pkg with this vulnerability: GHSA-c2qf-rxjj-qqgw in their latest version.

"semantic-release" didn't update for 4 years "semver" in their package.json!