Fix npm install warnings

[feross]

I get these warnings when installing zuul with the latest stable npm (3.3.12):

npm WARN deprecated lodash@2.4.1: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^3.0.0.
npm WARN deprecated lodash@2.4.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^3.0.0.
npm WARN deprecated lodash@2.1.0: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^3.0.0.
npm WARN deprecated deflate-crc32-stream@0.1.2: module has been merged into crc32-stream

It looks like updating these dependencies would fix the issue:

firefox-profile@0.2.7
istanbul-middleware@0.2.0 
lodash@2.4.2

[vvo]

I think I tried updating lodash at some point but it failed erg..

[jdalton]

Let me know if I can help. To get a heads up of potential issues you can try using lodash-migrate.

[feross]

@jdalton Incidentally, why the deprecation warning for 2.x? Old code isn't necessarily bad if it's working correctly.

[jdalton]

I saw npm-deprecate used as an upgrade mechanism by @sebmck for Babel and dug it. With lodash v4 going out in Jan I wanted to nudge folks on older versions to upgrade. It's my hope that upgrades will cut down on support/maintenance issues related to older versions too.

I added the message for lodash@"<3.0.0||0.5.0-rc.1||<=1.0.0-rc.3" and narrowed the range using the npm semver calculator.

[defunctzombie]

Personally, I see limited value in upgrading these utility modules especially to a breaking version. Maybe we can split up and pull in only the utilities we need versus all of lodash then upgrading is clearer since we know what functions to test and fix up.

If basic upgrade doesn't work out of the box I am more inclined to leave as is unless there is a proven performance or security benefit on the specific functions we are using from lodash; otherwise it is just needless number bumping :)

[feross]

@defunctzombie I think depending on just the functions we need is the right approach going forward. With npm3, zuul takes several minutes to install because it's dependency tree is so huge. npm3 is so slow, you notice the number of dependencies more acutely.

[defunctzombie]

Npm 3 ;(

On Monday, December 7, 2015, Feross Aboukhadijeh notifications@github.com wrote:

@defunctzombie https://github.com/defunctzombie I think depending on just the functions we need is the right approach going forward. With npm3, zuul takes several minutes to install because it's dependency tree is so huge.

— Reply to this email directly or view it on GitHub https://github.com/defunctzombie/zuul/issues/255#issuecomment-162504241.

[vvo]

To clarify this issue, anyone can submit a PR upgrading lodash to 3, this is all we need