sindresorhus / find-cache-dir

Finds the common standard cache directory
MIT License

Vulnerability in semver:6.3.0 #38

Closed ofrolenko closed 1 year ago

ofrolenko commented 1 year ago

The npm audit report has:

npm audit report

semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available

├─┬ babel-loader@9.1.2
│ └─┬ find-cache-dir@3.3.2
│   └─┬ make-dir@3.1.0
│     └── semver@6.3.0

The make-dir package has a new version, 4.0.0, that fixes this vulnerability, but I can't update it for find-cache-dir because it doesn't allow updating a major version. Could you fix it in your project?

sindresorhus commented 1 year ago

There is no make-dir dependency in the latest version. I have no plans to update older versions.