Suggestion: Update `nan 2.x` to nan `^2.14.0`

[lukiano]

I was updating this library from 4.x to 5.x to add support for Node 12, but my building kept failing. Finally the reason was that yarn wasn't updating the version of nan as the package.json file still said 2.x. I had to run yarn upgrade to actually make it get the latest version of nan (with Node 12 support), which defeats the purpose of having a lock file at all.

[mattcolegate]

I've no experience of installing using yarn, but we don't ship a lock file to my knowledge - package.json lists the dependencies that need resolving together with rules on which versions will satisfy the requirements. 2.x means a range of versions where the major part of the semver is 2, so the range >=2.0.0, <3.0.0 which encompasses 2.14.0. ^2.14.0 means a range of versions where the major is 2 and the minor is 14 (>=2.14.0, <2.15.0) and so is more restrictive than 2.x. (more info: https://docs.npmjs.com/misc/semver) I've checked by installing appmetrics@5.1.1 using npm install and my package-lock.json is showing the installed nan version as 2.14.0 so I think it's interpreting 2.x correctly. https://yarnpkg.com/lang/en/docs/migrating-from-npm/ shows that the equivalent yarn command for npm update is yarn upgrade, so that command is necessary to update appmetrics from 4.x to 5.x in a way so that the dependencies also get updated.

[lukiano]

From that same page:

^1.2.3 := >=1.2.3 <2.0.0

Hence ^2.14.0 means >=2.14.0 <3.0.0