fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MERGE-1042987

package.json

@@ -40,7 +40,7 @@
     "gulp-sass-lint": "^1.2",
     "gulp-sourcemaps": "^2.6.0",
     "gulp-task-listing": "^1.0",
-    "merge": "^1.2.0",
+    "merge": "^2.1.1",
     "minimatch": "^3.0.4",
     "run-sequence": "^1.2"
   },