Skip to content

fix(less): upgrade make-dir to v4 to fix security vulnerability#4250

Closed
jorenbroekema wants to merge 1 commit into
less:masterfrom
jorenbroekema:fix-makedir
Closed

fix(less): upgrade make-dir to v4 to fix security vulnerability#4250
jorenbroekema wants to merge 1 commit into
less:masterfrom
jorenbroekema:fix-makedir

Conversation

@jorenbroekema

@jorenbroekema jorenbroekema commented Dec 7, 2023

Copy link
Copy Markdown
Contributor

fixes #3806

What:

Bump make-dir to v4

Why:

There is a security vulnerability in make-dir v2:

$ npm ls semver  
less@4.1.3 project
└─┬ make-dir@2.1.0
       └── semver@5.7.1

Which is fixed in the latest make-dir v4

Checklist:

  • Documentation N\A
  • Added/updated unit tests N\A
  • Code complete N\A

@iChenLei

iChenLei commented Dec 7, 2023

Copy link
Copy Markdown
Member

Thank you.

@SandeepJoel

Copy link
Copy Markdown

@iChenLei and @matthew-dean Is there any update on when this PR will be reviewed and merged ? Because the latest versions of packages/less also has this semver vulnerability through old version of make-dir ?

@matthew-dean

Copy link
Copy Markdown
Member

Closing - stale (2+ years) with conflicts. Dependency security updates should be done fresh against current master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Update make-dir to resolve vulnerable dependency

4 participants