Bump dependencies to latest versions

[jzombie]

No description provided.

[jzombie]

Tests report that they have all passed, though there were some peculiarities in both the master branch and my own branch regarding timeouts which never closed the browser. Maybe I was doing something wrong.

There is one remaining high severity vulnerability in the trim package:

┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service in trim │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ trim │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.0.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ hallmark [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ hallmark > remark > remark-parse > trim │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1700 │
└───────────────┴──────────────────────────────────────────────────────────────┘

[jzombie]

Also did a standard --fix to fix the usage of vars, as it had linting errors after bumping the deps.

[vweevers]

though there were some peculiarities in both the master branch and my own branch regarding timeouts which never closed the browser

This is expected, the tests verify that when a timeout occurs, it is handled correctly. The test output can be confusing at times, when it mixes in browser test results that are expected to contain failures.

[jimmywarting]

Currently it seems like it is installing two versions of browserify, would be grate to get this updated to 17

[vweevers]

Please revert these, as well as the other changes in this file. We're using var to support old browsers.

If standard gives you trouble, you can use an eslint-disable <rule> comment.

[vweevers]

Because of this upgrade, airtap users will have to take an additional step to test on IE11. Can you please update this readme section? It should say:

To support IE < 11, older versions of the buffer and stream-browserify polyfills are required. Use the following configuration and run npm install buffer@4 stream-browserify@2:

# Use buffer@4 and stream-browserify@2 to support IE < 11
browserify:
 - require: 'buffer/'
   expose: 'buffer'
 - require: 'stream-browserify'
   expose: 'stream'

[vweevers]

I don't have enough information to merge this PR. Please check the following:

1. Is latest engine.io-client using ES6+ features? Which is why we currently pin to 3.3.2.
2. What breaking changes were made between engine.io-client v3 and v5?
3. Do they support the same browsers (versions)?
4. What breaking changes were made between engine.io v3 and v5?