
fix(less): upgrade make-dir to v4 to fix security vulnerability

Open jorenbroekema opened this issue 1 year ago • 2 comments

fixes https://github.com/less/less.js/issues/3806

What:

Bump make-dir to v4

Why:

There is a security vulnerability in make-dir v2:

$ npm ls semver  
[email protected] project
└─┬ [email protected]
       └── [email protected]

Which is fixed in the latest make-dir v4

Checklist:

  • [x] Documentation N/A
  • [x] Added/updated unit tests N/A
  • [x] Code complete N/A

jorenbroekema avatar Dec 07 '23 13:12 jorenbroekema

Thank you.

iChenLei avatar Dec 07 '23 13:12 iChenLei

@iChenLei and @matthew-dean Is there any update on when this PR will be reviewed and merged? Because the latest versions of packages/less also have this semver vulnerability through an old version of make-dir?

SandeepJoel avatar Feb 13 '24 11:02 SandeepJoel