Updates from npm update

This update attempt was spurred by an alleged json5 vulnerability.
It is a dev dependency and therefore should not be included in
production code and therefore should not affect deployed instances of
the software.

This commit includes an update to json5 v1 which should be compatible
with eslint plugin and removes the vulnerability.

See import-js/eslint-plugin-import#2447 (comment)
See json5/json5#298

Issue #190 `npm ci` reports vulnerabilities...