New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mkdirp needs another update (to 0.5.4 or better yet, to a still newer 0.5.5) #4217
Comments
I have
|
@hfiguiere : mkdirp was pegged earlier at 0.5.1, and apparently fixed to 0.5.3 per #4206 by @juergba but shortly thereafter there was another mkdirp patch bringing it to 0.5.4. |
Exactly, so if there could be |
Apologies, it looks like |
So no chance this happen for |
I am not part of the project, so you'd need to file another issue if you wanted them to back-port security fixes for older mocha versions. I'm personally happy just upgrading to the latest 7.* mocha. |
@juergba : Could you put out a new release for the 7 branch to include the latest mkdirp bump (0.5.4+) |
I've created #4220 requesting the update be backported to the 5.2.x branch. |
Are you referencing the wrong issue or PR, @G-Rath? That looks like it is about the TeamCity reporter, while this is about mkdirp. |
There is now also a 0.5.5 release: https://github.com/isaacs/node-mkdirp/commits/v0.5.5 (removing a deprecated Node feature). |
@brettz9 yes good catch; that's the issue number for its sister issue over in I've updated my original title, cheers. |
Can't we upgrade to 1.0.4 to prevent this message?
|
closed by #4222. |
Prerequisites
faq
labelnode node_modules/.bin/mocha --version
(Local) andmocha --version
(Global). We recommend that you not install Mocha globally.Description
mkdirp
needs still another update (now at 0.5.4, fixing an infinite loop issue on Windows: https://github.com/isaacs/node-mkdirp/commits/v0.5.4 ).Steps to Reproduce
Expected behavior: [What you expect to happen]
Avoid a buggy version.
Actual behavior: [What actually happens]
Getting the old buggy version.
Reproduces how often: [What percentage of the time does it reproduce?]
Always since package.json is pegged to 0.5.3.
Versions
mocha --version
andnode node_modules/.bin/mocha --version
:Current: 7.1.1.
Additional Information
The text was updated successfully, but these errors were encountered: