[Security] Bump semver from 7.3.8 to 7.6.1
Bumps semver from 7.3.8 to 7.6.1. This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 7.5.2; 7.5.2
Affected versions: >= 7.0.0, < 7.5.2
Release notes
Sourced from semver's releases.
v7.6.1
7.6.1 (2024-05-04)
Bug Fixes
- c570a34 #704 linting: no-unused-vars (@wraithgar)
- ad8ff11 #704 use internal cache implementation (@mbtools)
- ac9b357 #682 typo in compareBuild debug message (#682) (@mbtools)
Dependencies
Chores
- dd09b60 #705 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)
- ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)
- b236c3d #696 add benchmarks (#696) (@H4ad)
- 692451b #688 various improvements to README (#688) (@mbtools)
- 5feeb7f #705 postinstall for dependabot template-oss PR (@lukekarrys)
- 074156f #701 bump @npmcli/template-oss from 4.21.3 to 4.21.4 (@dependabot[bot])
v7.6.0
7.6.0 (2024-01-31)
Features
- a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa, @wraithgar)
Chores
- 816c7b2 #667 postinstall for dependabot template-oss PR (@lukekarrys)
- 0bd24d9 #667 bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])
- e521932 #652 postinstall for dependabot template-oss PR (@lukekarrys)
- 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)
- f317dc8 #652 bump @npmcli/template-oss from 4.19.0 to 4.21.0 (@dependabot[bot])
- 7303db1 #658 add clean() test for build metadata (#658) (@jethrodaniel)
- 6240d75 #656 add missing quotes in README.md (#656) (@zyxkad)
- 14d263f #625 postinstall for dependabot template-oss PR (@lukekarrys)
- 7c34e1a #625 bump @npmcli/template-oss from 4.18.1 to 4.19.0 (@dependabot[bot])
- 123e0b0 #622 postinstall for dependabot template-oss PR (@lukekarrys)
- 737d5e1 #622 bump @npmcli/template-oss from 4.18.0 to 4.18.1 (@dependabot[bot])
- cce6180 #598 postinstall for dependabot template-oss PR (@lukekarrys)
- b914a3d #598 bump @npmcli/template-oss from 4.17.0 to 4.18.0 (@dependabot[bot])
v7.5.4
7.5.4 (2023-07-07)
Bug Fixes
... (truncated)
Changelog
Sourced from semver's changelog.
7.6.1 (2024-05-04)
Bug Fixes
- c570a34 #704 linting: no-unused-vars (@wraithgar)
- ad8ff11 #704 use internal cache implementation (@mbtools)
- ac9b357 #682 typo in compareBuild debug message (#682) (@mbtools)
Dependencies
Chores
- dd09b60 #705 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)
- ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)
- b236c3d #696 add benchmarks (#696) (@H4ad)
- 692451b #688 various improvements to README (#688) (@mbtools)
- 5feeb7f #705 postinstall for dependabot template-oss PR (@lukekarrys)
- 074156f #701 bump @npmcli/template-oss from 4.21.3 to 4.21.4 (@dependabot[bot])
7.6.0 (2024-01-31)
Features
- a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa, @wraithgar)
Chores
- 816c7b2 #667 postinstall for dependabot template-oss PR (@lukekarrys)
- 0bd24d9 #667 bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])
- e521932 #652 postinstall for dependabot template-oss PR (@lukekarrys)
- 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)
- f317dc8 #652 bump @npmcli/template-oss from 4.19.0 to 4.21.0 (@dependabot[bot])
- 7303db1 #658 add clean() test for build metadata (#658) (@jethrodaniel)
- 6240d75 #656 add missing quotes in README.md (#656) (@zyxkad)
- 14d263f #625 postinstall for dependabot template-oss PR (@lukekarrys)
- 7c34e1a #625 bump @npmcli/template-oss from 4.18.1 to 4.19.0 (@dependabot[bot])
- 123e0b0 #622 postinstall for dependabot template-oss PR (@lukekarrys)
- 737d5e1 #622 bump @npmcli/template-oss from 4.18.0 to 4.18.1 (@dependabot[bot])
- cce6180 #598 postinstall for dependabot template-oss PR (@lukekarrys)
- b914a3d #598 bump @npmcli/template-oss from 4.17.0 to 4.18.0 (@dependabot[bot])
7.5.4 (2023-07-07)
Bug Fixes
- cc6fde2 #588 trim each range set before parsing (@lukekarrys)
- 99d8287 #583 correctly parse long build ids as valid (#583) (@lukekarrys)
... (truncated)
Commits
- d777418 chore: release 7.6.1 (#706)
- 988a8de deps: uninstall lru-cache (#709)
- 5feeb7f chore: postinstall for dependabot template-oss PR
- dd09b60 chore: bump @npmcli/template-oss to 4.22.0
- c570a34 fix(linting): no-unused-vars
- ad8ff11 fix: use internal cache implementation
- 3fabe4d deps: remove lru-cache
- ec49cdc chore: chore: chore: postinstall for dependabot template-oss PR
- 074156f chore: bump @npmcli/template-oss from 4.21.3 to 4.21.4
- b236c3d chore: add benchmarks (#696)
- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.
Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
- $dependabot rebase will rebase this MR
- $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
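
A bump of the direct dependency does not update copies of semver nested under other packages. The following added example (not part of this MR or of the semver project) scans the "packages" map of a package-lock.json for semver copies in the advisory's affected range, read here as 7.0.0 inclusive to 7.5.2 exclusive; the sample lockfile and the names isAffected and findAffectedSemver are constructed for illustration.

```javascript
// Added example: flag installed semver copies that fall in the affected range.
// Assumes the lockfileVersion 2/3 layout, where each installed package is a key
// in "packages" such as "node_modules/x/node_modules/semver".
const AFFECTED_MIN = [7, 0, 0]; // lower bound, inclusive (from the advisory text)
const PATCHED = [7, 5, 2];      // first patched version

function compareCore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns true (affected), false (not affected) or null (version not parseable).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version));
  if (!m) return null;
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  const cmp = compareCore(core, PATCHED);
  // A pre-release of the patched version sorts before it, so it is not patched.
  const belowPatched = cmp < 0 || (cmp === 0 && m[4] !== undefined);
  return compareCore(core, AFFECTED_MIN) >= 0 && belowPatched;
}

function findAffectedSemver(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match only the unscoped package named exactly "semver".
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    const affected = isAffected(entry.version);
    if (affected === false) continue;
    // Unparseable versions are reported too, so they get a manual look.
    hits.push({ path, version: entry.version, status: affected ? 'affected' : 'unparseable' });
  }
  return hits;
}

// Constructed sample lockfile: one top-level copy and three nested copies.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/semver': { version: '7.3.8' },
    'node_modules/tool-a/node_modules/semver': { version: '7.6.1' },
    'node_modules/tool-b/node_modules/semver': { version: '6.3.0' },
    'node_modules/tool-c/node_modules/semver': { version: '7.5.2-rc.1' },
  },
};

console.log(findAffectedSemver(SAMPLE_LOCK));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to findAffectedSemver in place of the sample.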