refactor(node-resolve): remove deep-freeze from dependencies (#529)

`deep-freeze` is licensed as Public Domain, which might be problematic for some 3rd parties such as the Angular CLI.

In Angular CLI we have a license validator that validates direct and transitive dependencies, and Public Domain is a problematic license becuse it falls under the "unencumbered' group which requires legal audit.

More context: https://opensource.google/docs/thirdparty/licenses/#unencumbered

Author: alan-agius4

packages/node-resolve/package.json

@@ -52,7 +52,6 @@
     "@rollup/pluginutils": "^3.1.0",
     "@types/resolve": "1.17.1",
     "builtin-modules": "^3.1.0",
-    "deep-freeze": "^0.0.1",
     "deepmerge": "^4.2.2",
     "is-module": "^1.0.0",
     "resolve": "^1.17.0"

packages/node-resolve/src/index.js

@@ -2,7 +2,6 @@
 import { dirname, normalize, resolve, sep } from 'path';
 
 import builtinList from 'builtin-modules';
-import deepFreeze from 'deep-freeze';
 import deepMerge from 'deepmerge';
 import isModule from 'is-module';
 
@@ -19,6 +18,17 @@ import {
 const builtins = new Set(builtinList);
 const ES6_BROWSER_EMPTY = '\0node-resolve:empty.js';
 const nullFn = () => null;
+const deepFreeze = object => {
+  Object.freeze(object);
+
+  for (const value of Object.values(object)) {
+    if (typeof value === 'object' && !Object.isFrozen(value)) {
+      deepFreeze(value);
+    }
+  }
+
+  return object;
+};
 const defaults = {
   customResolveOptions: {},
   dedupe: [],