From 864ec3ae750168d4733419692d5250d73c9f182d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jan 2026 20:01:17 +0000
Subject: [PATCH 1/2] Bump mkdirp from 0.5.6 to 3.0.1

Bumps [mkdirp](https://github.com/isaacs/node-mkdirp) from 0.5.6 to 3.0.1.
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/compare/v0.5.6...v3.0.1)

---
updated-dependencies:
- dependency-name: mkdirp
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 30 ++++++++++++++++++++++++------
 package.json      |  2 +-
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cf0bfb2b..8aa818fd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -40,7 +40,7 @@
         "lodash": "^4.17.23",
         "luxon": "^3.7.2",
         "memory-cache": "^0.2.0",
-        "mkdirp": "^0.5.1",
+        "mkdirp": "^3.0.1",
         "morgan": "^1.10.1",
         "node-html-parser": "^5.3.3",
         "node-uuid": "^1.4.8",
@@ -5195,13 +5195,18 @@
       }
     },
     "node_modules/mkdirp": {
-      "version": "0.5.6",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
+      "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==",
       "license": "MIT",
-      "dependencies": {
-        "minimist": "^1.2.6"
-      },
       "bin": {
-        "mkdirp": "bin/cmd.js"
+        "mkdirp": "dist/cjs/src/bin.js"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
       }
     },
     "node_modules/mocha": {
@@ -6349,6 +6354,19 @@
         "ms": "^2.1.1"
       }
     },
+    "node_modules/portfinder/node_modules/mkdirp": {
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "minimist": "^1.2.6"
+      },
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      }
+    },
     "node_modules/possible-typed-array-names": {
       "version": "1.1.0",
       "license": "MIT",
diff --git a/package.json b/package.json
index 3940be41..83ed55f6 100644
--- a/package.json
+++ b/package.json
@@ -65,7 +65,7 @@
     "lodash": "^4.17.23",
     "luxon": "^3.7.2",
     "memory-cache": "^0.2.0",
-    "mkdirp": "^0.5.1",
+    "mkdirp": "^3.0.1",
     "morgan": "^1.10.1",
     "node-html-parser": "^5.3.3",
     "node-uuid": "^1.4.8",

From 784fda82a91a2a034e73411dd469008cb86b04ed Mon Sep 17 00:00:00 2001
From: Jamie Magee <jamie.magee@gmail.com>
Date: Mon, 26 Jan 2026 12:56:11 -0800
Subject: [PATCH 2/2] fix: update mkdirp usage to match v3 API

---
 ghcrawler/providers/storage/file.js | 4 ++--
 providers/fetch/nugetFetch.js       | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ghcrawler/providers/storage/file.js b/ghcrawler/providers/storage/file.js
index b38c48c7..f549bed8 100644
--- a/ghcrawler/providers/storage/file.js
+++ b/ghcrawler/providers/storage/file.js
@@ -3,7 +3,7 @@
 
 const fs = require('fs')
 const path = require('path')
-const mkdirp = require('mkdirp')
+const { mkdirpSync } = require('mkdirp')
 
 // TODO finish the implementation of the relevant methods
 
@@ -22,7 +22,7 @@ class FileStore {
     // const type = document._metadata.type
     const urn = document._metadata.links.self.href
     const filePath = this._getPath(urn)
-    mkdirp.sync(path.dirname(filePath))
+    mkdirpSync(path.dirname(filePath))
     return new Promise((resolve, reject) =>
       fs.writeFile(filePath, JSON.stringify(document, null, 2), error => (error ? reject(error) : resolve(document)))
     )
diff --git a/providers/fetch/nugetFetch.js b/providers/fetch/nugetFetch.js
index f9b5780f..7390ab4f 100644
--- a/providers/fetch/nugetFetch.js
+++ b/providers/fetch/nugetFetch.js
@@ -4,7 +4,7 @@
 const AbstractFetch = require('./abstractFetch')
 const { trimStart, clone, get } = require('lodash')
 const fs = require('fs')
-const mkdirp = require('mkdirp')
+const { mkdirp } = require('mkdirp')
 const path = require('path')
 const { promisify } = require('util')
 const requestRetry = require('requestretry').defaults({ maxAttempts: 3, fullResponse: true })
@@ -145,7 +145,7 @@ class NuGetFetch extends AbstractFetch {
   async _downloadLicense({ dirName, licenseUrl }) {
     if (licenseUrl.toLowerCase().includes('license_url_here_or_delete_this_line')) return
     const downloadedLicenseDirName = path.join(dirName, 'clearlydefined', 'downloaded')
-    await promisify(mkdirp)(downloadedLicenseDirName)
+    await mkdirp(downloadedLicenseDirName)
     const { body, statusCode } = await requestRetry.get(licenseUrl)
     if (statusCode !== 200) return
     await promisify(fs.writeFile)(path.join(downloadedLicenseDirName, 'LICENSE'), body)