Update major dependencies

[steven-esser]

Perhaps as part of #103, we should bump all major dependency versions to their latest to address some warnings from npm audit. This will break a few things (sequelize in particular)

[steven-esser]

#396 Merged, closing this for now. All deps have been updated to latest (sans sequelize) and all security alerts should now be handled.

The sequelize bump to v5 will happen later. This was not an offending party as I had previously thought.