From 555f033f05a6af427349af331d56f84691c19a32 Mon Sep 17 00:00:00 2001
From: Evan Plaice <evanplaice@gmail.com>
Date: Sun, 15 Mar 2020 18:37:45 -0600
Subject: [PATCH] Fix: Backport removal of mkdirp to 6.x (fixes #13050)

* the CVE is caused by the mkdirp dependency
* mkdirp is no longer supported
* mkdirp has been removed as of 7.0.0-alpha0
* this back-ports the change to v6.x
---
 lib/cli.js   | 3 +--
 package.json | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/cli.js b/lib/cli.js
index 944b4b79353..815ce68c22f 100644
--- a/lib/cli.js
+++ b/lib/cli.js
@@ -17,7 +17,6 @@
 
 const fs = require("fs"),
     path = require("path"),
-    mkdirp = require("mkdirp"),
     { CLIEngine } = require("./cli-engine"),
     options = require("./options"),
     log = require("./shared/logging"),
@@ -115,7 +114,7 @@ function printResults(engine, results, format, outputFile) {
             }
 
             try {
-                mkdirp.sync(path.dirname(filePath));
+                fs.mkdirSync(path.dirname(filePath), { recursive: true });
                 fs.writeFileSync(filePath, output);
             } catch (ex) {
                 log.error("There was a problem writing the output file:\n%s", ex);
diff --git a/package.json b/package.json
index ccb76c18b26..412974ea11e 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,6 @@
     "levn": "^0.3.0",
     "lodash": "^4.17.14",
     "minimatch": "^3.0.4",
-    "mkdirp": "^0.5.1",
     "natural-compare": "^1.4.0",
     "optionator": "^0.8.3",
     "progress": "^2.0.0",