swap in yargs for optimist and patch a few other security vulnerabilities

[jgravois]

hi there! 👋

no offense taken if you aren't interested in this unsolicited pull request, but i thought i'd take a stab at resolving a few (possible) security vulnerabilities in my own upstream project.

before:

found 184 vulnerabilities (122 low, 7 moderate, 54 high, 1 critical)

after:

found 3 low severity vulnerabilities

this led to a few minor improvements in the help output.

before:

john@computer browser-run (yargs) $ ./bin/bin.js -h
Run JavaScript in a browser.
Write code to stdin and receive console output on stdout.
Usage: bin.js [OPTIONS]

Options:
  --browser, -b  Browser to use. Always available: electron. Available if installed: chrome, firefox, ie, safari  [default: "electron"]
  --port         Starts listening on that port and waits for you to open a browser
  --static       Serve static assets from this directory
  --mock         Path to code to handle requests for mocking a dynamic back-end
  --input        Input type. Defaults to 'javascript', can be set to 'html'.
  --node         Enable nodejs apis in electron
  --basedir      Set this if you need to require node modules in node mode
  --help         Print help

after: (alphabetized, more aliases, new version option)

john@computer browser-run (yargs) $ ./bin/bin.js -h
Run JavaScript in a browser.
Write code to stdin and receive console output on stdout.
Usage: bin.js [OPTIONS]

Options:
      --version  Show version number                                   [boolean]
  -b, --browser  Browser to use. Always available: electron. Available if
                 installed: chrome, firefox, ie, safari    [default: "electron"]
      --basedir  Set this if you need to require node modules in node mode
  -h, --help     Print help                                            [boolean]
  -p, --port     Starts listening on that port and waits for you to open a
                 browser
  -s, --static   Serve static assets from this directory
  -m, --mock     Path to code to handle requests for mocking a dynamic back-end
  -i, --input    Input type. Defaults to 'javascript', can be set to 'html'.
  -n, --node     Enable nodejs apis in electron

and the TAP output now displays code coverage

  🌈 SUMMARY RESULTS 🌈

Suites:   8 passed, 8 of 8 completed
Asserts:  19 passed, of 19
Time:     17s
-----------------|----------|----------|----------|----------|-------------------|
File             |  % Stmts | % Branch |  % Funcs |  % Lines | Uncovered Line #s |
-----------------|----------|----------|----------|----------|-------------------|
All files        |    89.91 |    73.08 |    91.67 |    91.75 |                   |
 browser-run     |    89.13 |    71.74 |       90 |    90.12 |                   |
  index.js       |    89.13 |    71.74 |       90 |    90.12 |... 69,80,81,84,91 |
 browser-run/bin |      100 |      100 |      100 |      100 |                   |
  bin.js         |      100 |      100 |      100 |      100 |                   |
 browser-run/lib |    92.31 |    83.33 |      100 |      100 |                   |
  launch.js      |    92.31 |    83.33 |      100 |      100 |                15 |
-----------------|----------|----------|----------|----------|-------------------|

either way, thanks for your work on this project! 🙏

[jgravois]

turns out yargs@16 dropped support for node 8. if that's important here i can look into using the previous version instead.

https://travis-ci.com/github/jgravois/browser-run/builds/212938103

[jgravois]

Feel free to drop node 8 from CI

👍 done in 2de8743. if you'd like me to squash down the commits i appended, just say the word.

[jgravois]

i'm not sure why Travis results aren't appearing here, but tests are definitely passing now.

https://travis-ci.com/github/jgravois/browser-run/builds/213034533

[juliangruber]

https://github.com/juliangruber/browser-run/releases/tag/v9.0.0 :raised_hands:

[jgravois]

thanks so much! 🌮🦖🎉