There's a dependency from make-dir to a version of semver which has a ReDOS issue. While it's unlikely to be an issue for us this fixes a dependabot report, which makes things easier.
If we're happy with this I'll do the same to our other repos which use cspell.
There's a dependency from
make-dir
to a version ofsemver
which has a ReDOS issue. While it's unlikely to be an issue for us this fixes a dependabot report, which makes things easier.If we're happy with this I'll do the same to our other repos which use
cspell
.This avoids waiting for the upstream to update, which given the move of
confistore
to ESM, may take some time. https://github.com/streetsidesoftware/cspell/issues/4594 records the upstream issue which we're working around.Builds on #514.