This PR is mostly a bunch of package.json upgrades to fix vulnerabilities in npm audit. Before, there were 8 "high" vulnerabilities, and one "critical". Now, there are only a few "moderate" vulnerabilities, which are only caused by dev dependencies, and I believe don't actually even get used when you run our dev scripts.
I say that after reading up on some of these things, and it turns out that the Node Security Project is actually shutting down, and apparently there are some bugs around vulnerabilities found in packages that come from multiple levels deep of dependencies.
The upgrade was mostly smooth, but required some syntax updates for gulp and yeoman. Yeoman changed their syntax for defining a generator, so now you have to extend the Generator class with your own class. Gulp has a slight syntax change for how you define a 'series' of gulp tasks.
I cleaned out some dependencies in the test steps which were no longer doing anything (the coverage libraries were broken with later versions of gulp), and added a circle config to fix our CI process.
I've made sure that:
npm test works