Open dc185334 opened 1 year ago
semver 5.4.1 seems to have a CVE: https://www.mend.io/vulnerability-database/CVE-2022-25883. Any chance to update that dependency?
Having the same issue, +1.
Having the Snyk issue: Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.5.1 introduced by aws-xray-sdk@3.5.0 > aws-xray-sdk-core@3.5.0 > cls-hooked@4.2.2 > semver@5.7.1 and 1 other path(s) This issue was fixed in versions: 7.5.2
7.5.2 force resolution has worked like a charm for the last two weeks. Just letting you know.
Is there a plan to release the fix for this issue anytime soon?
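
Added example (not posted by anyone in this thread, and not cls-hooked code): a way to confirm that a forced resolution actually took effect, by listing every semver copy recorded in a `package-lock.json` and flagging those older than the 7.5.2 fix quoted above. It assumes the lockfileVersion 2/3 `packages` layout; `sampleLock` is constructed data and the function names are hypothetical.

```javascript
// Fixed release as quoted in this thread; anything older is flagged.
const FIXED = "7.5.2";

// Compare two x.y.z versions; pre-release tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// The lockfile "packages" map is keyed by install path, so a nested copy
// shows up as "node_modules/cls-hooked/node_modules/semver".
function findSemverCopies(lock, pkgName = "semver", fixed = FIXED) {
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + pkgName)) continue;
    if (!meta.version) continue; // link entries carry no version
    results.push({
      path,
      version: meta.version,
      vulnerable: compareVersions(meta.version, fixed) < 0,
    });
  }
  return results;
}

// Constructed sample: the top-level copy is patched, the nested one is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.2" },
    "node_modules/cls-hooked": { version: "4.2.2" },
    "node_modules/cls-hooked/node_modules/semver": { version: "5.7.1" },
  },
};

for (const c of findSemverCopies(sampleLock)) {
  console.log(`${c.vulnerable ? "OLD" : "ok "} ${c.version} ${c.path}`);
}
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findSemverCopies` instead of `sampleLock`.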
There's a pull request (https://github.com/Jeff-Lewis/cls-hooked/pull/81) that's been sitting there for a month. I'm guessing the author has abandoned this project :-(.
I have no issues with such npm overrides in my package.json, but it is still my case: