New fork resolving vulnerabilities and incorporating most current PRs

Hi,

As issues had not received feedback here and the latest commit 3 years ago, I went ahead to make a fork and publish it as @brettz9/node-static.

Besides making a few of my own changes:

• (Breaking change) npm: Set engines to 10.11.0+ (allowing native URL to fix an issue and better flexibility in language features)
• Security Update/fix: Use URL constructor over deprecated url.parse; should fix Open Redirect issue https://www.npmjs.com/advisories/1207
• Optimization: ‘use strict’ directive
• Refactoring: Use safer non-prototype version of colors
• (Also some plain, dev-facing changes; see our CHANGES.md)

…the fork also incorporates the following, indicating also the PR numbers here that they close:

User-facing

• Security: Fix dependency vulnerabilities by switching from optimist to neodoc (@fidian); #222
• Security update: mime and colors (@fidian); #222
• Security update/fix: Protect fs.stat calls from bad path arguments; fixes Denial of Service issue https://www.npmjs.com/advisories/1208 (@brpvieira); #223; also avoids need for #213
• Fix: Support bytes=0-0 Range header (@prajwalkman); #167
• Fix: Avoid octal (@bgao / @Ilrilan); #187, #215 ; also avoids need for #155
• Fix: For spa, allow dots after path (@gjuchault); #204
• Enhancement: Allow access with local ip (@flyingsky); #140
• Enhancement: Allow serverInfo to be null (@martindale); #150
• Enhancement: Time display logging with leading 0 (@mauris); #154
• Enhancement: Respect static --cache 0 (@matthew-andrews); #138
• Enhancement: New option: defaultExtension (@fmalk); #173
• Enhancement: Added glob matching for setting cache headers (@lightswitch05); #183
• Docs: Fix header example (@emmanouil); #156
• Docs: Sp. (@EdwardBetts); #194

Dev-facing

• Testing: Allow tests to end (@fmalk); #173

I also made some updates/improvements to the PRs:

1. Expanded the fs.stat checking, adding one beyond that covered in the original fs.stat PR (#223), and covering the newly-added one in the defaultExtension PR (#173).
2. Updated minimatch (#183)
3. I avoided the Travis addition, as figured might use GitHub Actions if someone wants to do so.

These remaining prexisting PRs were not fully incorporated:

1. #189 - the PR for #138 allowed for disabling of cache already; if you still want the f and false aliases, feel free to file an issue
2. #184 - Looked like there were concerns
3. #177 on README improvements; I figure some would be good, but would like to continue showing output and keeping headings (useful in navigation for users of HeadingsMap type browser add-ons, as well as for accessibility in general)
4. #172 - There is no longer a need for avoiding the reserved static keyword, as I renamed the examples (to use statik).
5. #166 - I guess we could protect overwrites to writeHead, but what’s to prevent someone from rewriting setHeader? If it’s a common enough use case to overwrite writeHead, I could add the preventative measure, esp. with a test.

Remaining steps:

1. The Unauthorized File Access issue https://www.npmjs.com/advisories/1206 does not appear to be an issue per testing (if it ever was); if you can provide a test case where it fails, please report
2. I’ve added nyc for coverage, but I’m not sure that with vows, we can do binary file testing. I’m thinking whether we should switch to mocha for this (I prefer that to jest for the ecosystem). Ideally we’d get to full coverage, including the binary.