yeoman / configstore

Easily load and persist config without having to think about where and how
BSD 2-Clause "Simplified" License
868 stars 56 forks source link

Relax 5.x version requirement on make-dir to allow 4.x (as well as 3.x)? #89

Closed PeterJCLaw closed 1 year ago

PeterJCLaw commented 1 year ago

As you may have seen, make-dir 3.x depends on an older version of semver that now has security reports against it (specifically it depends on 6.x). make-dir 4.x supports semver 7.x, which has been fixed (in 7.5.3).

As far as I can tell the only breaking change in make-dir 4.x is requiring a newer version of Node, meaning that (in theory at least) it's maybe possible for configstore to allow both versions.

I realise that configstore is now at 6.x, however that comes with a fairly significant (if justified) breaking change of its own (moving to ESM). This means that many consumers (for me it's cspell, https://github.com/streetsidesoftware/cspell/issues/4594) are stuck on 5.x until they similarly move to ESM.

Would you be willing to release a version of configstore 5.x which has a relaxed requirement on make-dir to allow 4.x (as well as 3.x so that configstore doesn't force a Node bump on users[^1]).

I've limited experience with node packaging, so I'm not actually sure if what I'm suggesting here is possible - please do say if not! (I'm more familiar with Python, where I know it would be).

I'd offer to put together a PR, though given the hopefully tiny size of this change I'm not sure that's helpful?

[^1]: For clarity - I'm not using an old version of Node, though I imagine some users could be and that you'd rather not put a breaking change in a bugfix release.

sindresorhus commented 1 year ago

https://github.com/sindresorhus/make-dir/issues/43#issuecomment-1619260255