Updating express to 4.9.2 & related packages

ref #3795

- express updated to 4.9.2
- express 4.9.0 introduced res.sendStatus() to replace res.status().end()
- we no longer need express-session, connect or cookie-parser
- body-parser, busboy, compression, express-hbs, morgan, all bumped to
  latest versions as well - there doesn't seem to be any breaking changes

core/server/middleware/index.js

@@ -195,7 +195,7 @@ function checkSSL(req, res, next) {
             // Check if forceAdminSSL: { redirect: false } is set, which means
             // we should just deny non-SSL access rather than redirect
             if (forceAdminSSL && forceAdminSSL.redirect !== undefined && !forceAdminSSL.redirect) {
-                return res.status(403).end();
+                return res.sendStatus(403);
             }
 
             redirectUrl = url.parse(config.urlSSL || config.url);

package.json

@@ -33,25 +33,22 @@
     "dependencies": {
         "bcryptjs": "0.7.10",
         "bluebird": "2.3.0",
-        "body-parser": "1.6.3",
+        "body-parser": "1.8.2",
         "bookshelf": "0.7.6",
-        "busboy": "0.2.3",
+        "busboy": "0.2.8",
         "cheerio": "0.17.0",
         "colors": "0.6.2",
-        "compression": "^1.0.2",
-        "connect": "3.0.0-rc.1",
+        "compression": "1.1.0",
         "connect-slashes": "1.2.0",
-        "cookie-parser": "1.0.1",
         "downsize": "0.0.5",
-        "express": "4.8.3",
-        "express-hbs": "0.7.10",
-        "express-session": "1.0.4",
+        "express": "4.9.2",
+        "express-hbs": "0.7.11",
         "fs-extra": "0.8.1",
         "html-to-text": "^0.1.0",
         "knex": "0.6.21",
         "lodash": "2.4.1",
         "moment": "2.4.0",
-        "morgan": "1.0.0",
+        "morgan": "1.3.1",
         "node-uuid": "1.4.1",
         "nodemailer": "0.7.1",
         "oauth2orize": "1.0.1",