You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As you may have seen, make-dir 3.x depends on an older version of semver that now has security reports against it (specifically it depends on 6.x). make-dir 4.x supports semver 7.x, which has been fixed (in 7.5.3).
As far as I can tell the only breaking change in make-dir 4.x is requiring a newer version of Node, meaning that (in theory at least) it's maybe possible for configstore to allow both versions.
I realise that configstore is now at 6.x, however that comes with a fairly significant (if justified) breaking change of its own (moving to ESM). This means that many consumers (for me it's cspell, streetsidesoftware/cspell#4594) are stuck on 5.x until they similarly move to ESM.
Would you be willing to release a version of configstore 5.x which has a relaxed requirement on make-dir to allow 4.x (as well as 3.x so that configstore doesn't force a Node bump on users1).
I've limited experience with node packaging, so I'm not actually sure if what I'm suggesting here is possible - please do say if not! (I'm more familiar with Python, where I know it would be).
I'd offer to put together a PR, though given the hopefully tiny size of this change I'm not sure that's helpful?
Footnotes
For clarity - I'm not using an old version of Node, though I imagine some users could be and that you'd rather not put a breaking change in a bugfix release. ↩
The text was updated successfully, but these errors were encountered:
As you may have seen,
make-dir
3.x depends on an older version ofsemver
that now has security reports against it (specifically it depends on 6.x).make-dir
4.x supportssemver
7.x, which has been fixed (in 7.5.3).As far as I can tell the only breaking change in
make-dir
4.x is requiring a newer version of Node, meaning that (in theory at least) it's maybe possible forconfigstore
to allow both versions.I realise that
configstore
is now at 6.x, however that comes with a fairly significant (if justified) breaking change of its own (moving to ESM). This means that many consumers (for me it'scspell
, streetsidesoftware/cspell#4594) are stuck on 5.x until they similarly move to ESM.Would you be willing to release a version of
configstore
5.x which has a relaxed requirement onmake-dir
to allow 4.x (as well as 3.x so thatconfigstore
doesn't force a Node bump on users1).I've limited experience with node packaging, so I'm not actually sure if what I'm suggesting here is possible - please do say if not! (I'm more familiar with Python, where I know it would be).
I'd offer to put together a PR, though given the hopefully tiny size of this change I'm not sure that's helpful?
Footnotes
For clarity - I'm not using an old version of Node, though I imagine some users could be and that you'd rather not put a breaking change in a bugfix release. ↩
The text was updated successfully, but these errors were encountered: