fix: 2020/03 npm update dependencies

[yumetodo]

update too many dependencies

• eslinter is outdated. Currently, eslint has an option to cache. so we use eslint directly.
• apply eslint-plugin-mocha
• esbeautifier is outdated. Prettier is a famous tool to format. Apply Prettier.
• apply npm audit fix(1 vulnerability required manual review and could not be updated)
• breaking change: drop support node.js < 10 in develop
• breaking change: update write to 2.0.0 to avoid minimist's vulnerability (See Update minimist to 1.2.3 or later #47 and changelog for detail)

[diegoh]

Hey @yumetodo,
Do you reckon this need a major version bump given that it isn't backwards compatible?
Just to be on the safe side. There might be other packages that depend on flat-cache running deprecated versions of node that would break.

[yumetodo]

Yes.

I just now noticed that write request node>=10.
jonschlinkert/write@e996f21
This is breaking change.

So, Major version bump is required to follow Semantic Versioning 2.0 spec.

[diegoh]

Hey @royriojas, a gentle reminder of this PR, do you think this could be reviewed? Still needs a major bump, just putting it in your radar.

[yumetodo]

BTW, you should stop using istanbul. it is no longer maintained. optimist is deprecated and not maintained.
https://github.com/substack/node-optimist/issues/152

$npm ls minimist
[email protected] C:\msys64\home\yumetodo\flat-cache
+-- [email protected]
| `-- [email protected]
|   `-- [email protected]
+-- [email protected]
| `-- [email protected]
|   `-- [email protected]
|     `-- [email protected]
`-- [email protected]
  `-- [email protected]
    `-- [email protected]

edit: I noticed that handlebars 4.x develop is still continued. watch handlebars-lang/handlebars.js#1666

[yumetodo]

reduced vulnerability report to only 1!

$npm audit

                       === npm audit security report ===                        


                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           


  Low             Prototype Pollution                                           

  Package         minimist                                                      

  Patched in      >=0.2.1 <1.0.0 || >=1.2.3                                     

  Dependency of   istanbul [dev]                                                

  Path            istanbul > handlebars > optimist > minimist                   

  More info       https://npmjs.com/advisories/1179                             

found 1 low severity vulnerability in 818 scanned packages
  1 vulnerability requires manual review. See the full report for details.

[SuperITMan]

This seems really nice! Thanks for your work 👍
Small detail but since we are talking about breaking changes and major version for next release, maybe you could change the engines in the "package.json". See: https://docs.npmjs.com/files/package.json#engines

I suggest to change this for:

"engines": {
  "node": ">=10"
}

What do you think @yumetodo ?

Let's hope @royriojas will have the occasion to check and merge this PR and do a new release 😊

[royriojas]

hey @SuperITMan

Sorry I didn't had time these days to review this changes. I will review later today

[yumetodo]

About write update:

In this project, write.sync is an only use case and it was not changed by write's major update.

[SuperITMan]

Hey @royriojas
Would you have a moment to have a look on this PR and maybe merge it + release a new version of flat-cache and flat-entry-cache ? 🤞

Thanks for your time 😊