Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Release Notes
npm/node-semver
### [`v7.5.2`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#752-httpsgithubcomnpmnode-semvercomparev751v752-2023-06-15)
[Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.1...v7.5.2)
##### Bug Fixes
- [`58c791f`](https://togithub.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc) [#566](https://togithub.com/npm/node-semver/pull/566) diff when detecting major change from prerelease ([#566](https://togithub.com/npm/node-semver/issues/566)) ([@lukekarrys](https://togithub.com/lukekarrys))
- [`5c8efbc`](https://togithub.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd) [#565](https://togithub.com/npm/node-semver/pull/565) preserve build in raw after inc ([#565](https://togithub.com/npm/node-semver/issues/565)) ([@lukekarrys](https://togithub.com/lukekarrys))
- [`717534e`](https://togithub.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441) [#564](https://togithub.com/npm/node-semver/pull/564) better handling of whitespace ([#564](https://togithub.com/npm/node-semver/issues/564)) ([@lukekarrys](https://togithub.com/lukekarrys))
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
7.5.1 -> 7.5.2
GitHub Vulnerability Alerts
CVE-2022-25883