-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency semver to v7.5.2 [SECURITY] #416
Conversation
|
f40c6b4
to
4c7989c
Compare
Pull request was closed
4c7989c
to
959c24b
Compare
959c24b
to
c2d0939
Compare
c2d0939
to
c966fbc
Compare
c966fbc
to
177c693
Compare
Superseded by keystonejs/keystone#9102 |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update ( If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This PR contains the following updates:
7.5.0
->7.5.2
GitHub Vulnerability Alerts
CVE-2022-25883
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Release Notes
npm/node-semver (semver)
v7.5.2
Compare Source
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys)717534e
#564 better handling of whitespace (#564) (@lukekarrys)v7.5.1
Compare Source
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson)Configuration
📅 Schedule: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.