brianreavis / sifter.js

A library for textually searching arrays and hashes of objects by property (or multiple properties). Designed specifically for autocomplete.

Move from `optimist` to `yargs` to address security vulnerabilities #63

Closed bunnymatic closed 1 year ago

bunnymatic commented 4 years ago

Problem

sifter depends on optimist which depends on an old version of minimist which has a security vulnerability (https://snyk.io/vuln/SNYK-JS-MINIMIST-559764).

Additionally, optimist the package is no longer supported. The author suggests just using minimist directly. After some investigation, it looks like yargs is basically a drop in replacement for optimist.

Solution

Replace optimist with yargs. This removes the vulnerability and requires almost no code changes.

Demo after the move to yargs

$ bin/sifter.js --help
Usage: sifter.js --query="search query" --fields=a,b

Options:
  --help       Show help                                               [boolean]
  --version    Show version number                                     [boolean]
  --fields     Search fields (comma separated)                     [default: ""]
  --query      Search query                                        [default: ""]
  --sort       Sort field                                          [default: ""]
  --direction  Sort direction                                   [default: "asc"]
  --file       CSV or JSON dataset

$ bin/sifter.js --version
0.6.0
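The PR description above locates the problem in a transitive dependency (sifter pulls optimist, which pulls an old minimist) rather than in sifter's own code. As an added example that is not part of this PR or of sifter.js, the script below walks a package-lock (lockfileVersion 1) style dependency tree and reports every path that ends at a version covered by an advisory, which is how a consumer of sifter would confirm that the vulnerable minimist really disappears after the switch. The two lockfile fragments and the package versions in them are constructed for illustration, not copied from a real lockfile; the affected minimist ranges are the ones given by the Snyk advisory the PR links (fixed in 0.2.1 on the 0.x line and 1.2.3 on the 1.x line).

```javascript
// Added example (not code from sifter.js or from this PR): walk a
// package-lock.json (lockfileVersion 1) style "dependencies" tree and report
// every dependency path that ends at a package version covered by an advisory.

// Parse "1.2.3" into [1, 2, 3]; any prerelease suffix is dropped.
function parseVersion(v) {
  return v.split('-')[0].split('.').map((n) => parseInt(n, 10) || 0);
}

// Compare two version strings; negative, zero or positive like strcmp.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Advisory data: package name -> affected ranges as [lowInclusive, highExclusive].
// The minimist ranges follow the Snyk advisory linked in the PR.
const ADVISORIES = {
  minimist: [['0.0.0', '0.2.1'], ['1.0.0', '1.2.3']],
};

function isVulnerable(name, version) {
  const ranges = ADVISORIES[name] || [];
  return ranges.some(([lo, hi]) =>
    compareVersions(version, lo) >= 0 && compareVersions(version, hi) < 0);
}

// Recursively collect paths such as ['sifter@0.5.4', 'optimist@0.6.1', 'minimist@0.0.10'].
function findVulnerablePaths(node, path = []) {
  const hits = [];
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const here = path.concat(`${name}@${entry.version}`);
    if (isVulnerable(name, entry.version)) hits.push(here);
    hits.push(...findVulnerablePaths(entry, here));
  }
  return hits;
}

// Constructed lockfile fragments for an app that depends on sifter. The
// versions are illustrative assumptions, not copied from a real lockfile.
const BEFORE_LOCK = {
  name: 'example-app',
  dependencies: {
    sifter: {
      version: '0.5.4',
      dependencies: {
        optimist: {
          version: '0.6.1',
          dependencies: {
            minimist: { version: '0.0.10' },
            wordwrap: { version: '0.0.3' },
          },
        },
      },
    },
  },
};

const AFTER_LOCK = {
  name: 'example-app',
  dependencies: {
    sifter: {
      version: '0.6.0',
      dependencies: {
        yargs: {
          version: '15.4.1',
          dependencies: { 'yargs-parser': { version: '18.1.3' } },
        },
      },
    },
  },
};

// Render hits as "a@1 > b@2 > c@3" lines for a report.
function report(lock) {
  return findVulnerablePaths(lock).map((p) => p.join(' > '));
}

console.log('before:', report(BEFORE_LOCK)); // ['sifter@0.5.4 > optimist@0.6.1 > minimist@0.0.10']
console.log('after:', report(AFTER_LOCK));   // []
```

The walker only needs the nested `dependencies` shape, so pointing `report` at a parsed real `package-lock.json` works the same way; the advisory table is the part to fill from your own vulnerability feed.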
bunnymatic commented 4 years ago

This should address #62.

coveralls commented 4 years ago

Coverage Status

Coverage remained the same at 93.467% when pulling 23ca2a44aaf1dac28947d5c371c084d2c3e7851a on rcode5:chore/move-from-optimist-to-yargs-for-security into 97270b46707ddfb117570653f74153919dbb9cd7 on brianreavis:master.

bytestream commented 4 years ago

I think the only thing to point out is the Node.js support difference between optimist 0.6.1 and yargs 15.

jangya commented 3 years ago

Any idea when this will be merged? @Yanchek99 @brianreavis I wonder why it's been left open for so long.

bytestream commented 3 years ago

Probably never; all of Brian's work should be archived, as it's unmaintained and has been for a number of years.

bunnymatic commented 1 year ago

closing for inactivity