[Security] Bump semver from 7.3.8 to 7.6.3
Bumps semver from 7.3.8 to 7.6.3. This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 7.5.2; 7.5.2 Affected versions: = 7.0.0, < 7.5.2
Release notes
Sourced from semver's releases.
v7.6.3
7.6.3 (2024-07-16)
Bug Fixes
Documentation
v7.6.2
7.6.2 (2024-05-09)
Bug Fixes
6466ba9
#713 lru: use map.delete() directly (#713) (@negezor
,@lukekarrys
)v7.6.1
7.6.1 (2024-05-04)
Bug Fixes
c570a34
#704 linting: no-unused-vars (@wraithgar
)ad8ff11
#704 use internal cache implementation (@mbtools
)ac9b357
#682 typo in compareBuild debug message (#682) (@mbtools
)Dependencies
Chores
dd09b60
#705 bump@npmcli/template-oss
to 4.22.0 (@lukekarrys
)ec49cdc
#701 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys
)b236c3d
#696 add benchmarks (#696) (@H4ad
)692451b
#688 various improvements to README (#688) (@mbtools
)5feeb7f
#705 postinstall for dependabot template-oss PR (@lukekarrys
)074156f
#701 bump@npmcli/template-oss
from 4.21.3 to 4.21.4 (@dependabot
[bot])v7.6.0
7.6.0 (2024-01-31)
Features
a7ab13a
#671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa
, madtisa,@wraithgar
)Chores
... (truncated)
Changelog
Sourced from semver's changelog.
7.6.3 (2024-07-16)
Bug Fixes
Documentation
7.6.2 (2024-05-09)
Bug Fixes
6466ba9
#713 lru: use map.delete() directly (#713) (@negezor
,@lukekarrys
)7.6.1 (2024-05-04)
Bug Fixes
c570a34
#704 linting: no-unused-vars (@wraithgar
)ad8ff11
#704 use internal cache implementation (@mbtools
)ac9b357
#682 typo in compareBuild debug message (#682) (@mbtools
)Dependencies
Chores
dd09b60
#705 bump@npmcli/template-oss
to 4.22.0 (@lukekarrys
)ec49cdc
#701 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys
)b236c3d
#696 add benchmarks (#696) (@H4ad
)692451b
#688 various improvements to README (#688) (@mbtools
)5feeb7f
#705 postinstall for dependabot template-oss PR (@lukekarrys
)074156f
#701 bump@npmcli/template-oss
from 4.21.3 to 4.21.4 (@dependabot
[bot])7.6.0 (2024-01-31)
Features
a7ab13a
#671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa
, madtisa,@wraithgar
)Chores
816c7b2
#667 postinstall for dependabot template-oss PR (@lukekarrys
)0bd24d9
#667 bump@npmcli/template-oss
from 4.21.1 to 4.21.3 (@dependabot
[bot])e521932
#652 postinstall for dependabot template-oss PR (@lukekarrys
)8873991
#652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys
)
... (truncated)
Commits
-
0a12d6c
chore: release 7.6.3 (#720) -
73a3d79
fix: optimize Range parsing and formatting (#726) -
2975ece
docs: fix extra backtick typo (#719) -
eb1380b
chore: release 7.6.2 (#714) -
6466ba9
fix(lru): use map.delete() directly (#713) -
d777418
chore: release 7.6.1 (#706) -
988a8de
deps: uninstalllru-cache
(#709) -
5feeb7f
chore: postinstall for dependabot template-oss PR -
dd09b60
chore: bump@npmcli/template-oss
to 4.22.0 -
c570a34
fix(linting): no-unused-vars - Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts