Fix #108 - Bumping up mkdirp version to 0.5.5

http-party / node-portfinder

A simple tool to find an open port or domain socket on the current machine

https://github.com/http-party/node-portfinder

Other

887 stars 95 forks source link

Fix #108 - Bumping up mkdirp version to 0.5.5 #109

Closed LostInBrittany closed 4 years ago

LostInBrittany commented 4 years ago

Hi!

I see that in PR #101 you bumped-up the version of mkdirp to 0.5.5 which in turn updates minimist to 1.2.5 which addresses https://www.npmjs.com/advisories/1179

Problem is that this PR only updated package-lock.json and not package.json that remains at 0.5.1. As package.json still depends on mkdirp 0.5.1, when we get node-portfinder as a dependency, we still get an old version of minimist.

LostInBrittany commented 4 years ago

I didn't understand why Travis failed, as it didn't fail on my fork. So I closed the PR and reopened it to force a new Travis check, and it passed 👍