Update chokidar to ^3.2.1 #371

Closed
ssk101 wants to merge 1 commit into browserify:master from ssk101:chokidar-3.2.1
@ssk101 ssk101 commented Oct 1, 2019

Older versions of Chokidar have a few issues watching large amounts of files (as in no events are triggered on file changes after a while).

smhg commented Mar 21, 2020

@goto-bus-stop is there anything I can help with to move this forward?

@johnjbarton
The travis-ci will never pass, because the project tests 5 old versions of nodejs, but fsevents 2.x used by chokidar 3.x only supports nodejs 8+:
https://www.npmjs.com/package/fsevents

MylesBorins commented Jul 29, 2020

We have had to skip testing watchify on MacOS in the node.js smoke test suite CITGM due to failures related to this old dependency

nodejs/citgm#817

Contributor

sseide commented Jan 5, 2021

Now the first security warnings have arrived for dependencies of the old chokidar 2.1.x version. Now this update may get a bit more priority, I hope...

Watchify depends on chokidar 2.1.x (2.1.8 as latest), which depends (in the end) on old cache-base@1.0.1. Older cache-base releases have a prototype pollution problem, fixed with later cache-base 4.x releases... Currently no update is available as chokidar 2.1 is not supported anymore. The update to latest chokidar@3.4.4 will fix this security warning.

watchify@3.11.1 > chokidar@2.1.8 > braces@2.3.2 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1

And another positive side effect: using chokidar 3.x instead of 2.1 dramatically reduces dependency count (see https://paulmillr.com/posts/chokidar-3-save-32tb-of-traffic/)

Security warning: https://snyk.io/vuln/SNYK-JS-CACHEBASE-1054631

Contributor

sseide commented Jan 5, 2021

Addon - anymatch should be updated to latest 3.x too, as chokidar depends on anymatch 3.1 and not 2.x anymore, to not pull duplicate dependencies, and (more important) old anymatch@2.x fetches vulnerable cache-base too.
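
The transitive chain described in the two comments above can be checked mechanically. This is an added example, not code from watchify or from any commenter: `findVulnerablePaths` is a hypothetical helper, both trees are constructed samples shaped like `npm ls --all --json` output, and the threshold of major version 4 comes from the comment's statement that cache-base 4.x carries the fix.

```javascript
'use strict';

// Walk a tree shaped like `npm ls --all --json` output and return every
// dependency path ending at `name` whose major version is below `fixedMajor`.
// A version that cannot be parsed is reported too (fail closed).
function findVulnerablePaths(tree, name, fixedMajor) {
  const hits = [];
  const walk = (pkgName, node, trail) => {
    const here = trail.concat(`${pkgName}@${node.version}`);
    const major = parseInt(String(node.version).split('.')[0], 10);
    if (pkgName === name && (Number.isNaN(major) || major < fixedMajor)) {
      hits.push(here.join(' > '));
    }
    for (const [child, childNode] of Object.entries(node.dependencies || {})) {
      walk(child, childNode, here);
    }
  };
  walk(tree.name, tree, []);
  return hits;
}

// Constructed sample: the chain quoted in the thread.
const treeBefore = { name: 'watchify', version: '3.11.1', dependencies: {
  chokidar: { version: '2.1.8', dependencies: {
    braces: { version: '2.3.2', dependencies: {
      snapdragon: { version: '0.8.2', dependencies: {
        base: { version: '0.11.2', dependencies: {
          'cache-base': { version: '1.0.1' },
        } },
      } },
    } },
  } },
} };

// Constructed sample of the upgraded tree; '4.0.0' and '3.1.0' are placeholders
// for the "4.x" and "3.1" the thread mentions.
const treeAfter = { name: 'watchify', version: '4.0.0', dependencies: {
  chokidar: { version: '3.4.4', dependencies: {
    anymatch: { version: '3.1.0' },
  } },
} };

console.log(findVulnerablePaths(treeBefore, 'cache-base', 4));
console.log(findVulnerablePaths(treeAfter, 'cache-base', 4));
```

Because the walk reports every path rather than stopping at the first, a second route to the same package (such as the anymatch 2.x one mentioned above) would appear as its own entry.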

@goto-bus-stop
Member

merged in #378 and released as 4.x. Thanks for the PR!

@ssk101 ssk101 deleted the chokidar-3.2.1 branch April 13, 2021 11:10