lib: update to mkdirp@1 w/ Promises interface

[rvagg]

Ref #2074

I did want to update to 0.5.3 but Isaac has deprecated all 0.x versions. To avoid the deprecation warning we need to go to @1 which has a Promises interface. We don't have any async/await in 5.x so I don't want to introduce it. We do have one use of Promises already so this isn't a major change. I'd just like some checking of my code!

[rvagg]

Node 6 tests fail, mkdirp now uses varargs: opts = { mode: 0o777 & (~process.umask()), fs, ...opts }

So ... how do we feel about dropping Node 6 support in this old release line? Is 6 ancient enough to stop caring or should we preserve 6 support for those people stuck on it? Alternatives I see if we want to maintain 6 support are (a) implement our own mkdirp for Node versions that don't have recursive, our needs are simpler than the use-cases mkdirp covers or (b) stick with 0.5.3 which will fix the security warning but include a deprecation warning.

[rvagg]

Was reminded by #2047 that we have a request deprecation in place anyway, so an additional deprecation probably isn't a big deal.

My inclination here is to use mkdirp 0.5.3 to avoid the security warning but swallow the deprecation warning and not impact our Node version compatibility. We can move on with node-gyp 7 (6 is probably finished now) where we can start using fs.mkdir recursive where available and switch away from request (undecided how yet).

It really depends on what npm wants to do, if they jump to mkdirp 1 then we should probably follow suit to dedupe.

@darcyclarke I hear you're the one handling this next npm release? Do you want to coordinate on this or will you just be bumping to 0.5.3 (which our semver range allows).

[darcyclarke]

@rvagg I'm going to push out a release to npm in the next little bit here which should pull in the latest mkdirp0.5.3 & resolve this.

[O330oei]

add