There's a dependency from make-dir to a version of semver which has a ReDOS issue. While it's unlikely to be an issue for us this fixes a dependabot report, which makes things easier.
If we're happy with this I'll do the same to our other repos which use cspell.
There's a dependency from
make-dirto a version ofsemverwhich has a ReDOS issue. While it's unlikely to be an issue for us this fixes a dependabot report, which makes things easier.If we're happy with this I'll do the same to our other repos which use
cspell.This avoids waiting for the upstream to update, which given the move of
confistoreto ESM, may take some time. https://github.com/streetsidesoftware/cspell/issues/4594 records the upstream issue which we're working around.Builds on #514.