update tiny-lr

[akoskm]

The latest versions of tiny-lr aren't depending on body-parser anymore, can we update it to its latest version?

I'm willing to send a pull request but I was wondering if there's a reason behind going with 0.2.1.

[dackmin]

In addition to this, tiny-lr is still using debug#v2.6.7 which throws Low Vulnerability issues over at node-security (found here). Maybe we should wait for tiny-lr to be updated with a (already) patched version of debug before merging this PR (I created an issue on their repo) or replace tiny-lr with something else.

[dkomando]

Just ran a snyk security test to add to this:

`$ snyk test
✗ High severity vulnerability found on qs@5.1.0

• desc: Prototype Override Protection Bypass
• info: https://snyk.io/vuln/npm:qs:20170213
• from: myApp > grunt-contrib-watch@1.0.0 > tiny-lr@0.2.1 > qs@5.1.0
  No direct dependency upgrade can address this issue.`

[plroebuck]

any progress? are there that many changes needed to migrate to current version of tiny-lr?