Firstly, thanks for your work on this project! 🙂
Today I used patch-package to patch node-abi@3.52.0 for the project I'm working on.
Semver, the dependent of the node-abi package has CVE-2022-25883 vulnerability. After carefully comparing 7.3.5 and 7.5.3 versions of the semver, concluded on there is no code updates needed but only version of semver need to be updated for node-abi.
Hi! 👋
Firstly, thanks for your work on this project! 🙂
Today I used patch-package to patch
node-abi@3.52.0
for the project I'm working on.Semver, the dependent of the node-abi package has CVE-2022-25883 vulnerability. After carefully comparing 7.3.5 and 7.5.3 versions of the semver, concluded on there is no code updates needed but only version of semver need to be updated for node-abi.
NPM Audit: https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
Here is the diff that solved my problem:
This issue body was partially generated by patch-package.