Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency semver to v7.5.2 [security] - autoclosed #1624

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 3, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semver 7.3.4 -> 7.5.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25883

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.


Release Notes

npm/node-semver (semver)

v7.5.2

Compare Source

Bug Fixes

v7.5.1

Compare Source

Bug Fixes

v7.5.0

Compare Source

Features
Bug Fixes

v7.4.0

Compare Source

Features
Bug Fixes
Documentation

v7.3.8

Compare Source

Bug Fixes
Documentation
7.3.7 (2022-04-11)
Bug Fixes
Dependencies
7.3.6 (2022-04-05)
Bug Fixes
Documentation
  • clarify * range behavior (cb1ca1d)
Dependencies

v7.3.7

Compare Source

v7.3.6

Compare Source

v7.3.5

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch 2 times, most recently from ab487a3 to b9a6ead Compare August 27, 2023 09:39
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch 2 times, most recently from 706e5ea to 5006ccd Compare September 24, 2023 06:49
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from 5006ccd to fb87042 Compare September 26, 2023 15:50
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from fb87042 to e48ddf1 Compare October 7, 2023 05:38
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch 2 times, most recently from 0760b78 to 808d0bc Compare October 19, 2023 20:23
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from 808d0bc to e287e67 Compare November 6, 2023 07:07
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from e287e67 to 0e72ade Compare November 14, 2023 21:53
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from 0e72ade to a19c26d Compare December 3, 2023 10:13
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from a19c26d to aaee018 Compare December 10, 2023 21:19
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from aaee018 to 1e4fba2 Compare January 28, 2024 09:12
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch 2 times, most recently from 01feea3 to 2a3f4a3 Compare February 8, 2024 09:37
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from 2a3f4a3 to 91b3dfd Compare February 25, 2024 11:07
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from 91b3dfd to d286922 Compare March 16, 2024 14:15
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from d286922 to d0b83e2 Compare June 4, 2024 14:55
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from d0b83e2 to fe5c243 Compare July 6, 2024 15:15
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from fe5c243 to 80f4f82 Compare July 21, 2024 12:59
@renovate renovate bot changed the title fix(deps): update dependency semver to v7.5.2 [security] fix(deps): update dependency semver to v7.5.2 [security] - autoclosed Aug 6, 2024
@renovate renovate bot closed this Aug 6, 2024
@renovate renovate bot deleted the renovate/npm-semver-vulnerability branch August 6, 2024 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants