Closed eps1lon closed 4 years ago
@matthew-dean can you prioritise this fix and a new release please? we are getting security warnings in all of our repos that use less.js because of the deprecated/vulnerable mkdirp dependency.
@alansemenov Released!
Closes #3487
minimist
has the vulnerability. By removingmkdirp@0.x
(which is deprecated anyway) we get rid ofminimist
.Note that we already have to use an outdated version of
make-dir
since less supports node 6 (has reached end-of-life a year ago) whilemake-dir@latest
only supports node 8 (which also reached end-of-life since end of last year).