Closes #4932, Closes #4876

* No lock files prevents the use of yarn upgrade & outdated

* Update deps

* Bump Jest across the board

* Add safe postcss parser

* Updates to reflect service worker registration being opt-in.

* Fixed an anchor link.

* Updates to SWPrecacheWebpackPlugin config, and corresponding docs.

* Upgrade html webpack plugin

* Fix build

* Disable webpack chunk rollup

* Bump timeout

* Revert "Bump timeout"

This reverts commit 84632115d178b48e08eb75dc5e9a921ece6aa759.

* fix FileSizeReporter in Windows enviroment

* chore: change line endings

* Revert Lerna dependency, there's too many bugs in v3

* Remove `mjs` support

This reverts commit b43ad04b.

This reverts commit aa8789b1.

This reverts commit 47d2d941.

This reverts commit 2c34d5b6.

This reverts commit 9690bc86.

This reverts commit 058d03f8.

Uglify is no longer maintained and has bugs not present in Terser (its successor)

The `formatter` option is incompatible with with `thread-loader`.
The `formatter` option previously accepted a function which was lost during JSON serialization.

* Update jest version

* Update babel-jest version

* Use testURL: http://localhost in jest configs.

* Update to jest version 23.5

This version of jest includes a fix for https://github.com/jsdom/jsdom/issues/2304

* "testURL": "http://localhost" is default with jest v23.5

This fixes the functionality of this dependency for Node 10 and above.

Refs: https://github.com/webpack/webpack-dev-server/pull/1451
Refs: https://github.com/nodejs/node/issues/21665

* Use file name whitelist to prevent RCE

Use a whitelist to validate user-provided file names. This doesn't cover
the entire range of valid filenames but should cover almost all of them
in practice. Allows letters, numbers, periods, dashes, and underscores.
Opting to use a whitelist instead of a blacklist because getting this
wrong leaves us vulnerable to a RCE attack.

* Allow alphabet characters from all languages

Updated the whitelist to /^[\p{L}0-9/.\-_]+$/u, which matches
alphanumeric characters, periods, dashes, and underscores. Unicode
property support is stage 4 so I've inlined the transpiled version.

* Only use file name whitelist on Windows

* Log error message if file name does not pass whitelist

* support scoped packages for cra --scripts-version option

* enable safe option to cssnano processor

Fixes #4682

* Add Node 10 to Travis config. Remove Node 6.

* Add Node 10 to Appveyor config. Remove Node 6.

* Remove node 9 from travis config.

* Increase mocha timeout.

* Update minimum Node version to 8.

* Update yarn to latest on Travis.

* Update old-node test to use Node 4.

* Increase mocha timeout in kitchensink-eject tests.

* Update yarn to latest on Appveyor.