Dependabot not updating dependencies for OpenTelemetry Lambda JS

[vasireddy99]

Describe the bug

It appears that Dependabot, is not updating the dependencies for Node.js release. dependencies that are not updated.

Lambda Nodejs Layer 0.7.0 claims to be at version otel js 1.24.1, but the dependencies are not updated in the corresponding release

[tylerbenson]

1.24.1 was the version reported by the build: https://github.com/open-telemetry/opentelemetry-lambda/actions/runs/9355724499 (component-version=1.24.1)
(which invokes version.js)
Maybe that is reporting the version incorrectly or it's being transitively updated?

[rapphil]

We are using caret in the version of the dependencies: https://github.com/npm/node-semver?tab=readme-ov-file#caret-ranges-123-025-004

This makes the dependency to be resolved in build time.

We could use a package-lock.json or explicitly set the the version instead of using caret. Since this is somewhat a library I would prefer to make it explicit in package.json.