db-migrate / node-db-migrate

Database migration framework for node

semver related CVE and release #821

Open tyriis opened 1 year ago

tyriis commented 1 year ago

I'm submitting a...

Current behavior

I am using db-migrate in many projects. There is a fixed vulnerability in the semver dependency, and currently our security checks are failing. https://cwe.mitre.org/data/definitions/1333.html

Expected behavior

semver should be updated to >= 7.5.2

Minimal reproduction of the problem with instructions

npm audit

What is the motivation / use case for changing the behavior?

We <3 security.

Environment


db-migrate version: 0.11.13

Additional information:
- Node version: v20.3.1
- Platform: Linux

Others:
Thanks for your work.
It would be great to have a release or pre-release of the current state :)
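
An added example, not part of the original issue or of db-migrate's code: a check over a parsed `package-lock.json` that lists every nested copy of semver below the 7.5.2 minimum the issue asks for, which shows where a failing `npm audit` finding actually sits in the tree. The lockfile excerpt is constructed sample data, and `parseVersion`, `isBelow` and `findOldSemver` are hypothetical helper names.

```javascript
// Added example: find every copy of semver recorded in an npm lockfile
// ("packages" map, lockfileVersion 2 or 3) that is below a minimum version.
const MIN_SEMVER = "7.5.2"; // minimum requested in the issue

// Parse "x.y.z[-pre][+build]" into a numeric core and a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre; // e.g. 7.5.2-rc.1 sorts before 7.5.2
}

// Only the single threshold from the issue is modelled; copies on older major
// lines are always reported, so check them against the advisory by hand.
function findOldSemver(lock, minimum = MIN_SEMVER) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/semver"; compare the last name.
    if (path.split("node_modules/").pop() !== "semver") continue;
    const version = String(meta.version);
    if (isBelow(version, minimum)) hits.push({ path, version });
  }
  return hits;
}

// Constructed lockfile excerpt (not db-migrate's real dependency tree).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/db-migrate": { version: "0.11.13" },
    "node_modules/db-migrate/node_modules/semver": { version: "5.7.1" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/semver-diff": { version: "3.1.1" },
  },
};

console.log(findOldSemver(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on that project's `package-lock.json` to `findOldSemver` in place of `sampleLock`.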