Commit 63f0636
authored
fix(deps): Update dependency semver to v7.5.2 [SECURITY] (#298)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [semver](https://togithub.com/npm/node-semver) | dependencies | patch | [`7.5.1` -> `7.5.2`](https://renovatebot.com/diffs/npm/semver/7.5.1/7.5.2) |
### GitHub Vulnerability Alerts
#### [CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883)
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
---
### Release Notes
<details>
<summary>npm/node-semver (semver)</summary>
### [`v7.5.2`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​752-httpsgithubcomnpmnode-semvercomparev751v752-2023-06-15)
[Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.1...v7.5.2)
##### Bug Fixes
- [`58c791f`](https://togithub.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc) [#​566](https://togithub.com/npm/node-semver/pull/566) diff when detecting major change from prerelease ([#​566](https://togithub.com/npm/node-semver/issues/566)) ([@​lukekarrys](https://togithub.com/lukekarrys))
- [`5c8efbc`](https://togithub.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd) [#​565](https://togithub.com/npm/node-semver/pull/565) preserve build in raw after inc ([#​565](https://togithub.com/npm/node-semver/issues/565)) ([@​lukekarrys](https://togithub.com/lukekarrys))
- [`717534e`](https://togithub.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441) [#​564](https://togithub.com/npm/node-semver/pull/564) better handling of whitespace ([#​564](https://togithub.com/npm/node-semver/issues/564)) ([@​lukekarrys](https://togithub.com/lukekarrys))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNTEuMCIsInVwZGF0ZWRJblZlciI6IjM1LjE1MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->1 parent 11b9b71 commit 63f0636
2 files changed
+8
-34
lines changedSome generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
31 | | - | |
| 31 | + | |
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
| |||
0 commit comments