fix NPE if dependencies fields are explicitly null in get-dep-spec

[adrienbaron]

This fixes an NPE that happens when a project doesn't have a dependencies field in it's package.json on GitHub private packages repository.

In that case, the GitHub repository API returns dependencies explicitly to null, which means the default value assignment in lib/get-dep-spec.js doesn't kick in, and the process just crashes with an NPE.
This makes npm audit in npm 7 crash if you depend on a package hosted on GitHub private packages repository that has any version in it's history with no dependencies field.

This also cannot be fixed by pushing a new version to the repository as old versions will still return dependencies: null.

This is not a breaking change, and is just a safer behaviour than previously.

Sample response from GitHub private repository

When calling: https://npm.pkg.github.com/REDACTED_PACKAGE_NAME

{
  "name": "REDACTED_PACKAGE_NAME",
  "dist-tags": {
    "latest": "12.0.2"
  },
  "versions": {
    "10.14.6": {
      "dependencies": null,

[wraithgar]

Closed here #6

Sorry we didn't notice this first.

[adrienbaron]

It's OK, happy it's fixed 👍