As you may have seen, make-dir 3.x depends on an older version of semver that now has security reports against it (specifically it depends on 6.x). make-dir 4.x supports semver 7.x, which has been fixed (in 7.5.3).
As far as I can tell the only breaking change in make-dir 4.x is requiring a newer version of Node, meaning that (in theory at least) it's maybe possible for configstore to allow both versions.
I realise that configstore is now at 6.x, however that comes with a fairly significant (if justified) breaking change of its own (moving to ESM). This means that many consumers (for me it's cspell, https://github.com/streetsidesoftware/cspell/issues/4594) are stuck on 5.x until they similarly move to ESM.
Would you be willing to release a version of configstore 5.x which has a relaxed requirement on make-dir to allow 4.x (as well as 3.x so that configstore doesn't force a Node bump on users[^1]).
I've limited experience with node packaging, so I'm not actually sure if what I'm suggesting here is possible - please do say if not! (I'm more familiar with Python, where I know it would be).
I'd offer to put together a PR, though given the hopefully tiny size of this change I'm not sure that's helpful?
[^1]: For clarity - I'm not using an old version of Node, though I imagine some users could be and that you'd rather not put a breaking change in a bugfix release.
sindresorhus
commented
1 year ago
As you may have seen,
make-dir3.x depends on an older version ofsemverthat now has security reports against it (specifically it depends on 6.x).make-dir4.x supportssemver7.x, which has been fixed (in 7.5.3).As far as I can tell the only breaking change in
make-dir4.x is requiring a newer version of Node, meaning that (in theory at least) it's maybe possible forconfigstoreto allow both versions.I realise that
configstoreis now at 6.x, however that comes with a fairly significant (if justified) breaking change of its own (moving to ESM). This means that many consumers (for me it'scspell, https://github.com/streetsidesoftware/cspell/issues/4594) are stuck on 5.x until they similarly move to ESM.Would you be willing to release a version of
configstore5.x which has a relaxed requirement onmake-dirto allow 4.x (as well as 3.x so thatconfigstoredoesn't force a Node bump on users[^1]).I've limited experience with node packaging, so I'm not actually sure if what I'm suggesting here is possible - please do say if not! (I'm more familiar with Python, where I know it would be).
I'd offer to put together a PR, though given the hopefully tiny size of this change I'm not sure that's helpful?
[^1]: For clarity - I'm not using an old version of Node, though I imagine some users could be and that you'd rather not put a breaking change in a bugfix release.