Heads up: 2.20.6 breaks semver #190

Open
mal opened this issue Nov 29, 2021 · 1 comment

mal commented Nov 29, 2021

The upgrade of jsonpointer from 4.x to 5.x in the last patch release bumps the node version requirement as it makes use of the `const` and `of` keywords. I appreciate that this only applies to long-dead versions of node, but worth being aware of nonetheless. 🙂

Discovered as the azure-storage module has had (~2.0.0) an indirect dependency on this module, and now tanks on previously supported versions of node. The dependency chain also includes several deprecated modules along the way.

```
[...]/node_modules/azure-storage/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer/jsonpointer.js:55
    for (const part of pointer) {
                    ^^
SyntaxError: Unexpected identifier
```

This probably isn't anything that requires action, everything involved upstream is already shaky and the node versions impacted have long since been EoL. Just a heads up in case anyone else ends up here.

Collaborator

LinusU commented Mar 16, 2022

Really sorry for not answering earlier, this has been in my inbox for way too long!

Unfortunately, bumping to 5.x was to fix a security vulnerability so I would prefer not to downgrade and release a new version. On the other hand, I never think breaking semver is okay so this is very unfortunate.

> This probably isn't anything that requires action, everything involved upstream is already shaky and the node versions impacted have long since been EoL. Just a heads up in case anyone else ends up here.

Since no one else has commented, this doesn't seem to affect too many people, so I think that we'll hold off on any action for now. But I'll leave this open so that more people can comment!
