fix: nodejs vulnerabilities
This PR fixes:
GHSA-h5c3-5r3r-rr8q
see: https://osv.dev/vulnerability/GHSA-h5c3-5r3r-rr8q
affected package: @octokit/plugin-paginate-rest
GHSA-rmvr-2pp2-xj38
https://osv.dev/vulnerability/GHSA-rmvr-2pp2-xj38
affected package: @octokit/request
GHSA-xx4v-prfh-6cgc
https://osv.dev/vulnerability/GHSA-xx4v-prfh-6cgc
affected package: @octokit/request-error
By running npm ls on those three packages, it appears that they're dependencies of lerna.
See the output of the three commands:
npm ls @octokit/plugin-paginate-rest --all
[email protected] /Users/maxday/git/opentelemetry-lambda/nodejs
└─┬ [email protected]
  └─┬ @octokit/[email protected]
    └── @octokit/[email protected]

npm ls @octokit/request --all
[email protected] /Users/maxday/git/opentelemetry-lambda/nodejs
└─┬ [email protected]
  └─┬ @octokit/[email protected]
    └─┬ @octokit/[email protected]
      ├─┬ @octokit/[email protected]
      │ └── @octokit/[email protected] deduped
      └── @octokit/[email protected]

npm ls @octokit/request-error --all
[email protected] /Users/maxday/git/opentelemetry-lambda/nodejs
└─┬ [email protected]
  └─┬ @octokit/[email protected]
    └─┬ @octokit/[email protected]
      ├── @octokit/[email protected]
      └─┬ @octokit/[email protected]
        └── @octokit/[email protected] deduped
I think dependabot might not be able to bump it because of the caret; this PR, in addition to bumping the lerna version, removes the caret.
Those vulnerabilities are reported here: https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-lambda
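Added example, not code from this PR or from opentelemetry-lambda: a Node script that does programmatically what the three npm ls commands above do by hand. It walks the object that `npm ls --all --json` prints, lists every path from the root project to a named package, flags the copies whose version is below a fixed version (here a hypothetical one, `fixedIn`; in practice take it from the advisory), and shows what a caret range admits under npm's general semver rule (a caret never crosses the leftmost non-zero version component). The dependency tree is constructed for illustration: the package names mirror the npm ls output above, the version numbers and the root name "nodejs" are made up.

```javascript
// Added example, not code from the PR or from opentelemetry-lambda.
// Walks the object that `npm ls --all --json` prints and lists every path
// from the root project to a named package, then flags the installs whose
// version is below an (assumed) fixed version. The tree is constructed for
// illustration: package names mirror the PR's npm ls output, versions are made up.

const sampleTree = {
  name: "nodejs",
  version: "0.1.0",
  dependencies: {
    lerna: {
      version: "7.0.0",
      dependencies: {
        "@octokit/rest": {
          version: "19.0.0",
          dependencies: {
            "@octokit/plugin-paginate-rest": { version: "6.0.0" },
            "@octokit/core": {
              version: "4.0.0",
              dependencies: {
                "@octokit/graphql": {
                  version: "5.0.0",
                  // npm prints this one as "deduped": same copy as the sibling below
                  dependencies: { "@octokit/request": { version: "6.0.0" } },
                },
                "@octokit/request": { version: "6.0.0" },
              },
            },
          },
        },
      },
    },
  },
};

// Depth-first walk; returns one [{ name, version }, ...] chain per occurrence of target.
function findPaths(tree, target) {
  const hits = [];
  const walk = (node, name, trail) => {
    const here = trail.concat({ name, version: node.version });
    if (name === target) hits.push(here);
    for (const [childName, child] of Object.entries(node.dependencies || {})) {
      walk(child, childName, here);
    }
  };
  walk(tree, tree.name, []);
  return hits;
}

function formatPath(path) {
  return path.map((p) => `${p.name}@${p.version}`).join(" > ");
}

// Minimal semver handling: "major.minor.patch" with an optional "-prerelease"
// suffix that is ignored. Enough for npm ls output; not a full semver parser.
const parse = (v) => v.split("-")[0].split(".").map(Number);

function compareVersions(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Paths whose leaf version is older than fixedIn (hypothetical value; take it from the advisory).
function vulnerableInstalls(tree, target, fixedIn) {
  return findPaths(tree, target)
    .filter((path) => compareVersions(path[path.length - 1].version, fixedIn) < 0)
    .map(formatPath);
}

// What a caret range admits: everything >= the base version that keeps the
// leftmost non-zero component unchanged (^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0,
// ^0.0.3 -> <0.0.4). Full "x.y.z" bases only; partial ranges like ^1.x are not handled.
function caretAllows(range, version) {
  if (!range.startsWith("^")) throw new Error("only caret ranges are handled here");
  const baseStr = range.slice(1);
  if (compareVersions(version, baseStr) < 0) return false;
  const base = parse(baseStr);
  const v = parse(version);
  const lockedComponents = base[0] !== 0 ? 1 : base[1] !== 0 ? 2 : 3;
  for (let i = 0; i < lockedComponents; i++) {
    if (v[i] !== base[i]) return false;
  }
  return true;
}

// Stand-alone run: report where each package sits and whether its copies are outdated.
for (const pkg of ["@octokit/plugin-paginate-rest", "@octokit/request"]) {
  for (const path of findPaths(sampleTree, pkg)) console.log(formatPath(path));
}
console.log(vulnerableInstalls(sampleTree, "@octokit/request", "6.0.1"));
console.log(caretAllows("^7.0.0", "7.4.2"), caretAllows("^7.0.0", "8.0.0"));
```

To use it against a real project, replace `sampleTree` with `JSON.parse` of the output of `npm ls --all --json` run in the package directory. The caret check is the general npm rule, useful for seeing whether a range such as `^7.0.0` could ever reach a fixed version that lives in a later major.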