build(deps): bump NPM from 8.5.1 to 8.18.0 #5518
Oof, being that outdated isn't great. 😢
However, we need to stick with a fully pinned version:
- If we don't pin it, we won't have a clear history of which npm version was in use with each release.
- A new npm release could introduce a bug or performance regression that would get released as part of an unrelated change and be harder to detect.
- If we did want to keep npm at the latest, a new release wouldn't necessarily pick it up because of Docker caching.
That said, we certainly want to be up to date, so can you change this PR to bump the version to the latest stable release?
6714392 to 9dec570
@jeffwidman I updated the PR to bump NPM to 8.18.0. The reason I removed the preceding 'v' is that it's officially not a part of the SemVer spec and technically invalid.
pavera
left a comment
Thanks for updating this!
jeffwidman
left a comment
Thanks for following up on this!
Currently the NPM version being used is locked to version 8.5.1, which was released almost half a year ago.
Besides containing two security vulnerabilities, there are also issues with, for instance, overrides.
This PR makes NPM use a SemVer range and omits locking the minor and patch versions, which prevents any sudden breaking changes (as opposed to using @latest) while still keeping NPM up to date.
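The thread turns on three kinds of version spec for the global npm install in a Dockerfile: a fully pinned `8.18.0` (what the maintainer asks for), a floating range such as `^8` or a dist-tag such as `latest` (what the original PR proposed), and a `v`-prefixed string that is not a valid SemVer version. The following Python check is an added example, not code from this PR or from the project, that scans Dockerfile lines for an `npm install -g npm@<spec>` and classifies the spec so a CI job can fail on anything that is not exactly pinned. The sample Dockerfile text, the function names and the regular expressions are constructed for illustration.

```python
import re

# SemVer 2.0.0 version core with optional prerelease/build metadata.
# A leading "v" is deliberately NOT accepted: it is not part of the spec.
SEMVER_EXACT = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$"
)

# Matches a global self-install of npm, e.g. "RUN npm install -g npm@8.18.0".
NPM_SELF_INSTALL = re.compile(
    r"npm\s+(?:install|i|add)\s+(?:(?:-g|--global)\s+)?npm@(\S+)"
)

# Bare dist-tags such as "latest" or "next" (letters/digits/dashes, no dots).
DIST_TAG = re.compile(r"^[A-Za-z][\w-]*$")


def classify_spec(spec):
    """Return 'exact', 'v-prefixed', 'tag' or 'range' for an npm version spec."""
    if spec[:1] in ("v", "V") and SEMVER_EXACT.match(spec[1:]):
        return "v-prefixed"      # 8.18.0 with an invalid leading "v"
    if SEMVER_EXACT.match(spec):
        return "exact"           # fully pinned, reproducible
    if DIST_TAG.match(spec):
        return "tag"             # floating pointer such as "latest"
    return "range"               # ^8, ~8.5, 8.x, >=8 ... floats too


def audit_dockerfile(text):
    """Yield (line_number, spec, classification) for each npm self-install."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = NPM_SELF_INSTALL.search(line)
        if m:
            spec = m.group(1)
            findings.append((lineno, spec, classify_spec(spec)))
    return findings


def unpinned_installs(text):
    """Only the findings a pin-everything policy should reject."""
    return [f for f in audit_dockerfile(text) if f[2] != "exact"]


# Constructed sample Dockerfile covering the specs discussed in the thread.
SAMPLE_DOCKERFILE = """\
FROM node:16
# floating range: minor and patch are not locked
RUN npm install -g npm@^8
# floating dist-tag
RUN npm install -g npm@latest
# leading v is not part of SemVer
RUN npm install -g npm@v8.18.0
# fully pinned
RUN npm install -g npm@8.18.0
"""

if __name__ == "__main__":
    for lineno, spec, kind in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: npm@{spec} -> {kind}")
```

Run it against a real Dockerfile by reading the file into `audit_dockerfile`; a pre-commit hook or CI step can fail when `unpinned_installs` returns anything. Note that the check only looks at the install line: Docker layer caching, which the thread also raises, is a separate concern, since even an exact pin only takes effect when the layer is rebuilt.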