fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-XML2JS-5414874

package.json

@@ -37,7 +37,7 @@
     "fast-glob": "^3.2.5",
     "got": "^11.8.2",
     "picomatch": "^2.2.2",
-    "xml2js": "^0.4.23"
+    "xml2js": "^0.5.0"
   },
   "devDependencies": {
     "@octokit/types": "^7.1.0",