Upgrade deps

[SimenB]

This upgrade all deps to latest.

It also adds ^ to dependencies so that they can be deduped for consumers.

(breaking change in chalk@2 is removal of stripColors and support for old nodes)

[af]

I'm generally not a big fan of ^ for dependencies, since library authors are human and non-semver-compliant changes can break things. Could you pin the deps to strict versions? Other than that this looks good, some of those deps are really old

[SimenB]

My thought was that with yarn and npm@5 people use lockfiles. It moves the responsibility over to consumers to lock down deps, but also empowers them to dedupe deps to achieve smaller bundles/apps.

That said, I don't really feel strongly about this. But maybe activate Greenkeeper so we don't drift too much?

[af]

That is a very valid point about lockfiles, everyone should be using them at this point so floating dep versions is less of a problem these days. Still, pinning to exact versions lessens our burden of ensuring envalid works the matrix of matching dependency versions. Using ^ advertises that this lib will work with all of the matching versions, which we can't ensure without testing them all.