Bump read-pkg to v6, make other changes for linting to pass #205

Closed
wants to merge 8 commits into from

@kachkaev kachkaev commented Apr 2, 2021

In scope:

  • Fix CVE-2021-23362 in hosted-git-info #204 (CVE-2021-23362)
  • Replace require("read-pkg") with await import("read-pkg") because read-pkg@v6 is esm-only
  • Upgrade eslint from ^4.19.1 to ^6.8.0 and replace "eslint-config-mysticatea": "^12.0.0" with "@mysticatea/eslint-plugin": "^13.0.0" to support syntax parsing for await import()
  • Make tweaks throughout the codebase for npm run test to pass (mostly to do with new ESLint rules)

Out of scope

Bump more deps to fix all dev package vulnerabilities. There are still quite a few:

npm audit
# found 173 vulnerabilities (118 low, 1 moderate, 53 high, 1 critical) in 659 scanned packages
npm audit --prod
# found 0 vulnerabilities

Breaking

Node versions in package.json engines are now: ^12.17 || >= 14 (was >= 4)

kachkaev commented Apr 2, 2021

Not sure what’s wrong, but I’m seeing this in AppVeyor:

> npm-run-all@4.1.5 _mocha C:\projects\npm-run-all
> mocha "test/*.js" --timeout 120000
internal/modules/cjs/loader.js:818
  throw err;
  ^
Error: Cannot find module 'C:\projects\npm-run-all\node'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
    at internal/main/run_main_module.js:17:47 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! npm-run-all@4.1.5 _mocha: `mocha "test/*.js" --timeout 120000`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the npm-run-all@4.1.5 _mocha script.
npm ERR! This is probably not a prob

This error does not make sense at all: Cannot find module 'C:\projects\npm-run-all\node'. Tests pass locally on macOS.

kachkaev commented Apr 6, 2021

👋 @mysticatea what are your thoughts on the failing AppVeyor?

kachkaev commented May 1, 2021

@mysticatea 👋🙏

@SayakMukhopadhyay

@kachkaev There is a fork at https://github.com/bcomnes/npm-run-all2. I am myself not sure whether to use this or the forked package, but it seems like the fork is well updated. Could you check if your changes in this PR are also present in that fork? Then maybe @mysticatea can get the changes from the fork.

Also, @mysticatea it would be great if you went through the PRs. Or if you don't want to maintain, maybe you can deprecate this project or hand it over to another maintainer so that existing users know what to use. Looking forward to a response.

kachkaev commented Sep 3, 2021

@mysticatea 👋😅

@kachkaev kachkaev closed this by deleting the head repository Apr 29, 2023
@kachkaev

I deleted the fork to clean up the list of my repos. Feel free to re-use the diff in this PR though!

Successfully merging this pull request may close these issues.

CVE-2021-23362 in hosted-git-info