fix(@inquirerer/utils): use semver for version comparison and add clearUpdateCache()

[pyramation]

fix(@inquirerer/utils): use semver for version comparison and add clearUpdateCache()

Summary

Two fixes to the update-check module in @inquirerer/utils:

1. Semver comparison bug: checkForUpdates() used JS string comparison (>) to determine if a newer version exists. This silently fails for multi-digit semver segments — e.g. "3.10.0" > "3.9.0" is false in JS string comparison. Replaced with semver.gt() via a new isNewerVersion() helper (falls back to string comparison for non-semver strings).

2. New clearUpdateCache(toolName) export: Consumers (e.g. pgpm update) need to invalidate the cached update-check result after a successful self-update, so subsequent commands don't re-prompt with a stale "update available" message. Previously there was no way to do this without knowing the internal cache path. This adds a clean public API for it.

Also extracted 'update-check.json' into a CACHE_FILENAME constant so the filename isn't duplicated between checkForUpdates and clearUpdateCache.

Adds semver (^7.7.4) as a new dependency.

Review & Testing Checklist for Human

• Verify semver as a new dependency is acceptable — downstream consumers (pgpm, cnc) already depend on semver directly, so no version conflict expected, but confirm no bundle size concerns
• Review isNewerVersion() fallback: when either version string isn't valid semver, it falls back to the old string comparison (latest !== current && latest > current). Decide if this is the right behavior or if it should just return false for invalid semver
• Note: no tests were added for clearUpdateCache() or isNewerVersion() — consider whether test coverage is needed before merge
• Verify the lockfile diff is just formatting noise (single vs double quotes) plus the semver/@types/semver additions — no packages should have been removed

Notes

• This is the upstream fix for constructive-io/constructive#704. Once published, pgpm can call clearUpdateCache('pgpm') after update and trust hasUpdate directly without a local semver workaround.
• Requested by: @pyramation
• Link to Devin run

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring