clutchski / coffeelint

Lint your CoffeeScript.
http://www.coffeelint.org

replace optimist with yargs and update dependencies #573

Closed jakesjews closed 8 years ago

jakesjews commented 8 years ago

Optimist has been deprecated in favor of yargs. Replace optimist with yargs and update other outdated dependencies.

Resolves #572

AsaAyers commented 8 years ago

Why is it important that I reply ASAP? This project isn't really being maintained any more. I have moved on from CoffeeScript and I think everyone else should too.

There has been no reason to update CoffeeLint for 5 months and unless one of our dependencies convinces the npm admins to allow them to pull a left-pad, CoffeeLint will continue to work with no changes for the foreseeable future.

jakesjews commented 8 years ago

I didn't say you needed to reply ASAP? Edit: sorry, I didn't see the other comment in my iPhone app, so I thought that was directed at me.

AsaAyers commented 8 years ago

You're fine, @jufemaiz "approved these changes" and asked me to reply ASAP. I don't know if the "approving the changes" was intentional or not, but either way, it seems strange that github allows drive by "approvals" for pull requests on projects now.

jufemaiz commented 8 years ago

@asaayers: First, I said "apply", not "reply". Read first before blowing up at people, please. I thought it a more appropriate comment than simply "ok".

Second, if the project is no longer maintained and you recommend people ditch it, could you please provide that advice on the project page and the info website.

Third, I do thank you for your contribution. My apologies that a misread comment by you and using a feature that isn't just +1 caused so much anger and strife.

AsaAyers commented 8 years ago

Sorry, I didn't intend to sound as angry as it was taken. Text based communication can be difficult. I did not intend to "blow up", but I legitimately don't understand why you care if some of the dependencies are out of date if the project is still working. The ASAP is the most confusing part because I can't figure out a scenario in which this matters outside the general idea that dependencies should be kept up to date. But in this case, I think it's an "If it isn't broke, don't fix it" situation.

Unfortunately as I don't use this project any more I'm not going to catch any subtle bugs that may pop up as a result of updating dependencies. Just this week I noticed there seems to be increased attention on this project and I have no idea why. I'm used to fielding one issue or comment every month or two because the traffic here is just that low. A few days ago I had a discussion with @swang and we have agreed it would be good to officially document the status of this project. I haven't taken the time to figure out what exactly to write and where as the decision was made Friday night.

jufemaiz commented 8 years ago

@AsaAyers ok, taken.

https://medium.com/node-security/minimatch-redos-vulnerability-590da24e6d3c#.hj4tt65mj https://nodesecurity.io/advisories/minimatch_regular-expression-denial-of-service

Both of these go into why this should be considered a high priority patch. Was raised elsewhere, this was a PR that resolved it (along with others). Happy to create smaller individual PRs if needed.

Once again, thanks for contributing to the OS space. It is appreciated.

jakesjews commented 8 years ago

I'm totally willing to reduce the scope of this PR too. The main reason I made it was for the security issues above and also so that NPM could do some better de-duping of packages with my other dependencies.

Thanks for the great project BTW

AsaAyers commented 8 years ago

👍 I think that's a good plan. If you can reduce the scope and open another PR, I will work on getting it merged and released over the next couple days. I'll coordinate getting a release out and adding some messaging that CoffeeLint is not actively maintained.