[Security] Bump semver from 7.3.8 to 7.6.0

Bumps semver from 7.3.8 to 7.6.0. This update includes a security fix.

Vulnerabilities fixed

semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Patched versions: 7.5.2; 7.5.2 Affected versions: = 7.0.0, < 7.5.2

Release notes

Sourced from semver's releases.

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• cce6180 #598 postinstall for dependabot template-oss PR (@​lukekarrys)
• b914a3d #598 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• cce6180 #598 postinstall for dependabot template-oss PR (@​lukekarrys)
• b914a3d #598 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

... (truncated)

Commits

• 377f709 chore: release 7.6.0 (#661)
• a7ab13a feat: preserve pre-release and build parts of a version on coerce (#671)
• 816c7b2 chore: postinstall for dependabot template-oss PR
• 0bd24d9 chore: bump @​npmcli/template-oss from 4.21.1 to 4.21.3
• e521932 chore: postinstall for dependabot template-oss PR
• 8873991 chore: chore: chore: postinstall for dependabot template-oss PR
• f317dc8 chore: bump @​npmcli/template-oss from 4.19.0 to 4.21.0
• 7303db1 chore: add clean() test for build metadata (#658)
• 6240d75 chore: add missing quotes in README.md (#656)
• 14d263f chore: postinstall for dependabot template-oss PR
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

---

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

• $dependabot rebase will rebase this MR
• $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts