[Security] Bump semver from 7.3.8 to 7.6.3
Bumps semver from 7.3.8 to 7.6.3. This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 7.5.2; 7.5.2 Affected versions: = 7.0.0, < 7.5.2
Release notes
Sourced from semver's releases.
v7.6.3
7.6.3 (2024-07-16)
Bug Fixes
Documentation
v7.6.2
7.6.2 (2024-05-09)
Bug Fixes
6466ba9#713 lru: use map.delete() directly (#713) (@negezor,@lukekarrys)v7.6.1
7.6.1 (2024-05-04)
Bug Fixes
c570a34#704 linting: no-unused-vars (@wraithgar)ad8ff11#704 use internal cache implementation (@mbtools)ac9b357#682 typo in compareBuild debug message (#682) (@mbtools)Dependencies
Chores
dd09b60#705 bump@npmcli/template-ossto 4.22.0 (@lukekarrys)ec49cdc#701 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)b236c3d#696 add benchmarks (#696) (@H4ad)692451b#688 various improvements to README (#688) (@mbtools)5feeb7f#705 postinstall for dependabot template-oss PR (@lukekarrys)074156f#701 bump@npmcli/template-ossfrom 4.21.3 to 4.21.4 (@dependabot[bot])v7.6.0
7.6.0 (2024-01-31)
Features
a7ab13a#671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa,@wraithgar)Chores
... (truncated)
Changelog
Sourced from semver's changelog.
7.6.3 (2024-07-16)
Bug Fixes
Documentation
7.6.2 (2024-05-09)
Bug Fixes
6466ba9#713 lru: use map.delete() directly (#713) (@negezor,@lukekarrys)7.6.1 (2024-05-04)
Bug Fixes
c570a34#704 linting: no-unused-vars (@wraithgar)ad8ff11#704 use internal cache implementation (@mbtools)ac9b357#682 typo in compareBuild debug message (#682) (@mbtools)Dependencies
Chores
dd09b60#705 bump@npmcli/template-ossto 4.22.0 (@lukekarrys)ec49cdc#701 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)b236c3d#696 add benchmarks (#696) (@H4ad)692451b#688 various improvements to README (#688) (@mbtools)5feeb7f#705 postinstall for dependabot template-oss PR (@lukekarrys)074156f#701 bump@npmcli/template-ossfrom 4.21.3 to 4.21.4 (@dependabot[bot])7.6.0 (2024-01-31)
Features
a7ab13a#671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa,@wraithgar)Chores
816c7b2#667 postinstall for dependabot template-oss PR (@lukekarrys)0bd24d9#667 bump@npmcli/template-ossfrom 4.21.1 to 4.21.3 (@dependabot[bot])e521932#652 postinstall for dependabot template-oss PR (@lukekarrys)8873991#652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)
... (truncated)
Commits
-
0a12d6cchore: release 7.6.3 (#720) -
73a3d79fix: optimize Range parsing and formatting (#726) -
2975ecedocs: fix extra backtick typo (#719) -
eb1380bchore: release 7.6.2 (#714) -
6466ba9fix(lru): use map.delete() directly (#713) -
d777418chore: release 7.6.1 (#706) -
988a8dedeps: uninstalllru-cache(#709) -
5feeb7fchore: postinstall for dependabot template-oss PR -
dd09b60chore: bump@npmcli/template-ossto 4.22.0 -
c570a34fix(linting): no-unused-vars - Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebasewill rebase this MR -
$dependabot recreatewill recreate this MR rewriting all the manual changes and resolving conflicts