Fixes #1562: fixes version of trim-newlines

[ivolzhevbt]

Description

Hi maintainers! I'm Ivan and I work at Bison Trails. We're doing an internal hackathon this week.

Our team loves vscode-gitlens, but it got flagged during a recent security review. Our team voted to use our hackathon time to patch vulnerabilities in our favorite OSS tools and specifically to try to get vscode-gitlens approved for usage within our organization.

What's here:

• version of trim-newlines dependency is forced to resolve to the safe, patched version of the package

Impact:

These changes should improve vscode-gitlens's security posture. We identified these vulnerabilities using Salus and the OSSF scorecard. The specific issues I am hoping to address here are:

• Regular expression Denial of service described in this advisory

Thank you so much for your work maintaining vscode-gitlens, and thank you for taking the time to look at these proposed changes!

Checklist

• I have followed the guidelines in the Contributing document
• My changes follow the coding style of this project
• My changes build without any errors or warnings - there is a warning because change forces newer version of trim-newlines package included through devDependencies dependencies. Newer version is properly patched, and backward compatible. I haven't found a way to replace direct dependency which would have updated trim-newlines transitive dependency.
• My changes have been formatted and linted
• My changes include any required corresponding changes to the documentation
• My changes have been rebased and squashed to the minimal number (typically 1) of relevant commits
• My changes have a descriptive commit message with a short title, including a Fixes $XXX - or Closes #XXX - prefix to auto-close the issue that your PR addresses

[eamodio]

Thank you for your contribution!