Skip to content

[Security] Bump semver from 7.3.8 to 7.6.1

dependabot requested to merge dependabot-npm_and_yarn-semver-7.6.1 into main

Bumps semver from 7.3.8 to 7.6.1. This update includes a security fix.

Vulnerabilities fixed

semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Patched versions: 7.5.2; 7.5.2 Affected versions: = 7.0.0, < 7.5.2

Release notes

Sourced from semver's releases.

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

7.5.4 (2023-07-07)

Bug Fixes

... (truncated)

Commits
  • d777418 chore: release 7.6.1 (#706)
  • 988a8de deps: uninstall lru-cache (#709)
  • 5feeb7f chore: postinstall for dependabot template-oss PR
  • dd09b60 chore: bump @​npmcli/template-oss to 4.22.0
  • c570a34 fix(linting): no-unused-vars
  • ad8ff11 fix: use internal cache implementation
  • 3fabe4d deps: remove lru-cache
  • ec49cdc chore: chore: chore: postinstall for dependabot template-oss PR
  • 074156f chore: bump @​npmcli/template-oss from 4.21.3 to 4.21.4
  • b236c3d chore: add benchmarks (#696)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.



Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading