jaredwray / flat-cache

A stupidly simple key/value storage using files to persist the data
MIT License

fix: 2020/03 npm update dependencies #46

Closed yumetodo closed 3 years ago

yumetodo commented 4 years ago

update too many dependencies

diegoh commented 4 years ago

Hey @yumetodo, do you reckon this needs a major version bump given that it isn't backwards compatible? Just to be on the safe side. There might be other packages that depend on flat-cache running deprecated versions of node that would break.

yumetodo commented 4 years ago

Yes.

I just now noticed that write requires node>=10. https://github.com/jonschlinkert/write/commit/e996f212fc94bc6ae4f338af91aa5972d4c0fea6 This is a breaking change.

So, a major version bump is required to follow the Semantic Versioning 2.0 spec.

diegoh commented 4 years ago

Hey @royriojas, a gentle reminder of this PR, do you think this could be reviewed? Still needs a major bump, just putting it on your radar.

yumetodo commented 4 years ago

BTW, you should stop using istanbul. It is no longer maintained. optimist is deprecated and not maintained. https://github.com/substack/node-optimist/issues/152

$npm ls minimist
flat-cache@2.0.1 C:\msys64\home\yumetodo\flat-cache
+-- eslint@6.8.0
| `-- mkdirp@0.5.4
|   `-- minimist@1.2.5
+-- istanbul@0.4.5
| `-- handlebars@4.7.3
|   `-- optimist@0.6.1
|     `-- minimist@0.0.10
`-- mocha@7.1.1
  `-- mkdirp@0.5.3
    `-- minimist@1.2.5

Edit: I noticed that handlebars 4.x development is still continuing. Watch https://github.com/wycats/handlebars.js/pull/1666

yumetodo commented 4 years ago

reduced vulnerability report to only 1!

$npm audit

=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve

Visit https://go.npm.me/audit-guide for additional guidance

Low             Prototype Pollution
Package         minimist
Patched in      >=0.2.1 <1.0.0 || >=1.2.3
Dependency of   istanbul [dev]
Path            istanbul > handlebars > optimist > minimist
More info       https://npmjs.com/advisories/1179

found 1 low severity vulnerability in 818 scanned packages
  1 vulnerability requires manual review. See the full report for details.
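
The audit finding above, reproduced as an added example that is not part of the thread or of flat-cache: it walks a dependency tree in the nested shape `npm ls --json` emits and reports every path to a minimist copy outside the patched range quoted in the report. The tree is constructed from the `npm ls minimist` output in this thread, and the helper names (`cmp`, `isPatchedMinimist`, `findUnpatched`) are hypothetical.

```javascript
// Constructed sample: the `npm ls minimist` tree from the thread, in the
// nested shape of `npm ls --json` (name -> { version, dependencies }).
const tree = {
  name: "flat-cache", version: "2.0.1",
  dependencies: {
    eslint: { version: "6.8.0", dependencies: {
      mkdirp: { version: "0.5.4", dependencies: { minimist: { version: "1.2.5" } } } } },
    istanbul: { version: "0.4.5", dependencies: {
      handlebars: { version: "4.7.3", dependencies: {
        optimist: { version: "0.6.1", dependencies: { minimist: { version: "0.0.10" } } } } } } },
    mocha: { version: "7.1.1", dependencies: {
      mkdirp: { version: "0.5.3", dependencies: { minimist: { version: "1.2.5" } } } } },
  },
};

// Compare two plain x.y.z versions numerically (no pre-release tags).
// A string comparison would wrongly rank "0.0.10" relative to "0.0.9".
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Patched range quoted in the audit report: >=0.2.1 <1.0.0 || >=1.2.3
function isPatchedMinimist(v) {
  return (cmp(v, "0.2.1") >= 0 && cmp(v, "1.0.0") < 0) || cmp(v, "1.2.3") >= 0;
}

// Walk the tree and return every dependency path to an unpatched copy of pkg.
function findUnpatched(node, pkg, isPatched, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    if (name === pkg && !isPatched(dep.version)) hits.push(here.join(" > "));
    hits.push(...findUnpatched(dep, pkg, isPatched, here));
  }
  return hits;
}

const findings = findUnpatched(tree, "minimist", isPatchedMinimist);
console.log(findings);
```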

SuperITMan commented 4 years ago

This seems really nice! Thanks for your work 👍 Small detail but since we are talking about breaking changes and major version for next release, maybe you could change the engines in the "package.json". See: https://docs.npmjs.com/files/package.json#engines

I suggest changing this to:

"engines": {
  "node": ">=10"
}

What do you think @yumetodo ?

Let's hope @royriojas will have the occasion to check and merge this PR and do a new release 😊

royriojas commented 4 years ago

hey @SuperITMan

Sorry, I didn't have time these days to review these changes. I will review later today.

yumetodo commented 4 years ago

About write update:

In this project, write.sync is the only use case, and it was not changed by write's major update.

SuperITMan commented 4 years ago

Hey @royriojas, would you have a moment to have a look at this PR and maybe merge it + release a new version of flat-cache and flat-entry-cache? 🤞

Thanks for your time 😊