Relax 5.x version requirement on make-dir to allow 4.x (as well as 3.x)?

[PeterJCLaw]

As you may have seen, make-dir 3.x depends on an older version of semver that now has security reports against it (specifically it depends on 6.x). make-dir 4.x supports semver 7.x, which has been fixed (in 7.5.3).

As far as I can tell the only breaking change in make-dir 4.x is requiring a newer version of Node, meaning that (in theory at least) it's maybe possible for configstore to allow both versions.

I realise that configstore is now at 6.x, however that comes with a fairly significant (if justified) breaking change of its own (moving to ESM). This means that many consumers (for me it's cspell, streetsidesoftware/cspell#4594) are stuck on 5.x until they similarly move to ESM.

Would you be willing to release a version of configstore 5.x which has a relaxed requirement on make-dir to allow 4.x (as well as 3.x so that configstore doesn't force a Node bump on users¹).

I've limited experience with node packaging, so I'm not actually sure if what I'm suggesting here is possible - please do say if not! (I'm more familiar with Python, where I know it would be).

I'd offer to put together a PR, though given the hopefully tiny size of this change I'm not sure that's helpful?

Footnotes

1. For clarity - I'm not using an old version of Node, though I imagine some users could be and that you'd rather not put a breaking change in a bugfix release. ↩

[sindresorhus]

sindresorhus/make-dir#43 (comment)