Update all dependencies

[XVincentX]

This PR goes through all the deps and update them to the latest version.

Note: this PR contains an upgrade from Winston2 to Winston3. I went though the changelog and made all the necessary changes to make it work correctly.

It also updates upath to 1.0.5 that does not have any compatibility problem with node 10.

Connect #752
Closes #752

[codecov]

Codecov Report

Merging #764 into master will decrease coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #764      +/-   ##
==========================================
- Coverage   89.03%   89.01%   -0.02%     
==========================================
  Files         132      132              
  Lines        3576     3570       -6     
==========================================
- Hits         3184     3178       -6     
  Misses        392      392

Impacted Files	Coverage Δ
lib/logger.js	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 34e4634...9555049. Read the comment docs.

[kevinswiber]

LGTM. Would be good to get @DrMegavolt's take.

I know we have at least one user who's overriding the winston logger. We should add to the release notes that the approach to doing this might change.

FYI: @mikedshaffer, I believe we discussed this on Gitter. Not sure if the log-hijacking approach we discussed will still work after this winston upgrade. These changes are planned to roll out with [email protected].