Lock graphql config dep

[lopert]

Started seeing CLI failures related to a node engine failure for version 18, similar to what I fixed in #30.

The latest version of Minimatch (10) now requires node 20 or higher.
This doesn't work for us because we need CLI to run under node 18.

We can see using npm why that we're getting this through graphql-config

 ~/s/gi/S/shopify-function-javascript  main *1  nvm use 18                                         ✔  system   
Now using node v18.20.8 (npm v10.8.2)

 ~/s/gi/S/shopify-function-javascript  main *1  npm install                                                    ✔ 
npm warn EBADENGINE Unsupported engine {
npm warn EBADENGINE   package: '[email protected]',
npm warn EBADENGINE   required: { node: '20 || >=22' },
npm warn EBADENGINE   current: { node: 'v18.20.8', npm: '10.8.2' }
npm warn EBADENGINE }

added 327 packages, and audited 328 packages in 4s

44 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

 ~/s/gi/S/shopify-function-javascript  main *1  npm why minimatch                                         ✔  4s 
[email protected]
node_modules/minimatch
  minimatch@"^10.0.0" from [email protected]
  node_modules/graphql-config
    graphql-config@"^5.1.1" from @graphql-codegen/[email protected]
    node_modules/@graphql-codegen/cli
      @graphql-codegen/cli@"^5.0.4" from the root project

The minimatch dependency was bumped in graphql-config in 5.1.4, so we're locking it back down to 5.1.3.

Additionally, since this is the second time we've run into an issue like this, I've gone ahead and swapped all our package version to use specific versions. I used the versions that ended up in the package-lock.json after a successful npm install.

[lopert]

🎩 'd with the same flow as the previous issue
#30