Describe the bug
Currently the github-script lockfile uses the earliest package versions which match these version requirements:

    {
        "@actions/core": "^1.2.7",
        "@actions/exec": "^1.1.0",
        "@actions/github": "^4.0.0",
        "@actions/glob": "^0.1.1",
        "@actions/io": "^1.0.2",
        "@octokit/core": "^3.2.1",
        "@octokit/plugin-paginate-rest": "^2.6.0",
        "@octokit/plugin-rest-endpoint-methods": "4.2.1"
      }

Many of these packages have more recent minor releases. For instance, actions/core is now on 1.5.0, with 1.2.7 being about 5 months old; octokit/core is on 3.5.1, with 3.2.1 being 10 months old. In the absence of any documentation to the contrary, I'd expect the exposed packages to be kept up to date. Otherwise, clicking the links for these packages from the github-script README leads to pages describing functionality that may not actually be usable with github-scripts.

If automating dependency updates is problematic, it would be good to capture the specific versions that github-script provides in its README so that users understand that they need to check the version compatibility of all the provided APIs they want to use.

Relates to #133.