Bump json5 version in package-lock.json

Bump json5 versions from 1.0.1 to 1.0.2 and from 2.* to 2.2.2 to address
"Prototype Pollution in JSON5 via Parse Method"
flagged by dependabot.

It may be advisable to enable dependabot alerts on your repository as well for similar future notifications.