Security Warnings for Dependencies (Github + NPM)

[djsiroky]

As I've been reviewing and testing in MC, both GitHub and NPM have been giving me security warnings. I spent a little time checking out the items NPM reported from running npm audit. They are:

• Update socket.io to ^2.2.0 from ^1.4.6 See this comment about breaking changes, which do not appear to affect this repo
• Replace jade with pug (jade is deprecated and pug is the next version of it)
• Downstream upgrades to dependencies on eslint (a devDependency)
• Bower update to ^1.8.8 from ^1.8.4

I've started implementing them on security-audit-fixes.

The items that GitHub is reporting are mostly client-side libraries that are actually being tracked by the repo and may warrant a whole other discussion on removing those.