[Snyk] Upgrade semver from 7.0.0 to 7.5.3

[Dex9999]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade semver from 7.0.0 to 7.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 22 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2023-06-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: semver

• 7.5.3 - 2023-06-22
  

  7.5.3 (2023-06-22)

  Bug Fixes

  • abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@ lukekarrys)

  Documentation

  • bf53dd8 #569 add example for > comparator (#569) (@ mbtools)
• 7.5.2 - 2023-06-15
  

  7.5.2 (2023-06-15)

  Bug Fixes

  • 58c791f #566 diff when detecting major change from prerelease (#566) (@ lukekarrys)
  • 5c8efbc #565 preserve build in raw after inc (#565) (@ lukekarrys)
  • 717534e #564 better handling of whitespace (#564) (@ lukekarrys)
• 7.5.1 - 2023-05-12
  

  7.5.1 (2023-05-12)

  Bug Fixes

  • d30d25a #559 show type on invalid semver error (#559) (@ tjenkinson)
• 7.5.0 - 2023-04-17
  

  7.5.0 (2023-04-17)

  Features

  • 503a4e5 #548 allow identifierBase to be false (#548) (@ lsvalina)

  Bug Fixes

  • e219bb4 #552 throw on bad version with correct error message (#552) (@ wraithgar)
  • fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@ tjenkinson)
  • 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@ macno)
• 7.4.0 - 2023-04-10
  

  7.4.0 (2023-04-10)

  Features

  • 113f513 #532 identifierBase parameter for .inc (#532) (@ wraithgar, @ b-bly)
  • 48d8f8f #530 export new RELEASE_TYPES constant (@ hcharley)

  Bug Fixes

  • 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@ wraithgar)
  • aa516b5 #535 faster parse options (#535) (@ H4ad)
  • 61e6ea1 #536 faster cache key factory for range (#536) (@ H4ad)
  • f8b8b61 #541 optimistic parse (#541) (@ H4ad)
  • 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@ wraithgar, @ dominique-blockchain)
  • 3f222b1 #537 reuse comparators on subset (#537) (@ H4ad)
  • f66cc45 #539 faster diff (#539) (@ H4ad)

  Documentation

  • c5d29df #530 Add "Constants" section to README (@ hcharley)
• 7.3.8 - 2022-10-04
  

  7.3.8 (2022-10-04)

  Bug Fixes

  • d8ef32c #383 add support for node.js esm auto exports (#383) (@ MylesBorins)

  Documentation

  • 7209b14 #477 update range.js comments to clarify the caret ranges examples (#477) (@ amitse)
• 7.3.7 - 2022-04-12
  

  7.3.7 (2022-04-11)

  Bug Fixes

  • allow node >=10 (85b269a)
  • bin: get correct value from arg separated by equals (#449) (4ceca76), closes #431
  • ensure SemVer instance passed to inc are not modified (#427) (f070dde)
  • inc prerelease with numeric preid (#380) (802e161)

  Dependencies

  • revert to lru-cache@6 (22ae54d)
• 7.3.6 - 2022-04-06
  

  7.3.6 (2022-04-05)

  Bug Fixes

  • #329 (cb1ca1d)
  • properly escape dots in GTE0 regexes (#432) (11494f1)
  • replace deprecated String.prototype.substr() (#445) (e2d55e7)
  • replace regex used to split ranges (#434) (9ab7b71)

  Documentation

  • clarify * range behavior (cb1ca1d)

  Dependencies

  • [email protected] (#442) (9a3064c)
  • [email protected] (#439) (60cbb3f)
• 7.3.5 - 2021-03-23
  

  7.3.5

• 7.3.4 - 2020-12-01
  

  7.3.4

• 7.3.3 - 2020-12-01
• 7.3.2 - 2020-04-14
• 7.3.1 - 2020-04-14
• 7.3.0 - 2020-04-14
• 7.2.3 - 2020-04-13
• 7.2.2 - 2020-04-10
• 7.2.1 - 2020-04-06
• 7.2.0 - 2020-04-06
• 7.1.3 - 2020-02-11
• 7.1.2 - 2020-01-31
• 7.1.1 - 2019-12-17
• 7.1.0 - 2019-12-17
• 7.0.0 - 2019-12-14

from semver GitHub release notes

Commit messages

Package name: semver

• 7fdf1ef chore: release 7.5.3
• bf53dd8 docs: add example for `>` comparator (#569)
• abdd93d fix: set max lengths in regex for numeric and build identifiers (#571)
• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• 503a4e5 feat: allow identifierBase to be false (#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (#538)
• aa516b5 fix: faster parse options (#535)
• 61e6ea1 fix: faster cache key factory for range (#536)
• f8b8b61 fix: optimistic parse (#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (#533)
• 3f222b1 fix: reuse comparators on subset (#537)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
alg	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 16, 2023 11:07pm