-
### Please try to fill out as much of the information below as you can. Thank you!
- [X] Yes, I've searched similar issues on GitHub and didn't find any.
### Which version contains the bug?
2…
-
**Describe the bug**
After installing fhirclient, the npm audit will report the following:
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - ht…
-
```
vx.x.(x)
```
-
Similar to #5 (thank you so much for fixing it!!), it looks like NuGet is also assumed to be SemVer: https://github.com/nexB/univers/blob/21864169341c4949bd40c931cd8450488de24d64/src/univers/versions.…
-
During a recent audit of our project using Trapeze, a high severity security vulnerability was detected in the semver package (versions 7.0.0 to 7.5.1), which is a dependency of Trapeze. The vulnerabi…
-
### Description
Currently we read out the `versionName` as-is, but the customer can set any random string in there, which will break our release health feature (and everything around releases in gene…
-
I know the preferred way to reference ranges in `nvm` is with `lts/name`, but we've run into an issue when `pkg.engines` has to specify a minimum value for the minor version, i.e. `>= 10.13.1`. Without …
-
Hi,
I see that https://semver.org is versioned and we currently sit at version 2.0.0
Intuitively I'd expect it to use semantic versioning to version itself. But it looks like it doesn't?
I n…
-
Hello!
We're trying to `skopeo sync` OCI artifacts for use with helm. They are versioned according to semver, but also contain metadata (after the `+` character, which helm changes to an underscore…
-
### Description
Is your feature request related to a problem? Please describe.
There have been a few times we have to add semver checks before registering something or have forked logic to determine…