ember-cli / ember-cli-update

Update Ember CLI projects
MIT License
278 stars 41 forks source link

Update dependency semver to v7.5.2 [SECURITY] - autoclosed #1234

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semver 7.3.2 -> 7.5.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.


Release Notes

npm/node-semver (semver) ### [`v7.5.2`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​752-httpsgithubcomnpmnode-semvercomparev751v752-2023-06-15) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.1...v7.5.2) ##### Bug Fixes - [`58c791f`](https://togithub.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc) [#​566](https://togithub.com/npm/node-semver/pull/566) diff when detecting major change from prerelease ([#​566](https://togithub.com/npm/node-semver/issues/566)) ([@​lukekarrys](https://togithub.com/lukekarrys)) - [`5c8efbc`](https://togithub.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd) [#​565](https://togithub.com/npm/node-semver/pull/565) preserve build in raw after inc ([#​565](https://togithub.com/npm/node-semver/issues/565)) ([@​lukekarrys](https://togithub.com/lukekarrys)) - [`717534e`](https://togithub.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441) [#​564](https://togithub.com/npm/node-semver/pull/564) better handling of whitespace ([#​564](https://togithub.com/npm/node-semver/issues/564)) ([@​lukekarrys](https://togithub.com/lukekarrys)) ### [`v7.5.1`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​751-httpsgithubcomnpmnode-semvercomparev750v751-2023-05-12) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.0...v7.5.1) ##### Bug Fixes - [`d30d25a`](https://togithub.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab) [#​559](https://togithub.com/npm/node-semver/pull/559) show type on invalid semver error ([#​559](https://togithub.com/npm/node-semver/issues/559)) ([@​tjenkinson](https://togithub.com/tjenkinson)) ### [`v7.5.0`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​750-httpsgithubcomnpmnode-semvercomparev740v750-2023-04-17) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.4.0...v7.5.0) ##### Features - [`503a4e5`](https://togithub.com/npm/node-semver/commit/503a4e52fe2b1c6ed1400d33149f7733c8361eed) [#​548](https://togithub.com/npm/node-semver/pull/548) allow identifierBase to be false ([#​548](https://togithub.com/npm/node-semver/issues/548)) ([@​lsvalina](https://togithub.com/lsvalina)) ##### Bug Fixes - [`e219bb4`](https://togithub.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7) [#​552](https://togithub.com/npm/node-semver/pull/552) throw on bad version with correct error message ([#​552](https://togithub.com/npm/node-semver/issues/552)) ([@​wraithgar](https://togithub.com/wraithgar)) - [`fc2f3df`](https://togithub.com/npm/node-semver/commit/fc2f3df0b5d25253b3580607e111a9a280d888ca) [#​546](https://togithub.com/npm/node-semver/pull/546) incorrect results from diff sometimes with prerelease versions ([#​546](https://togithub.com/npm/node-semver/issues/546)) ([@​tjenkinson](https://togithub.com/tjenkinson)) - [`2781767`](https://togithub.com/npm/node-semver/commit/27817677794f592b592bf6181a80a4824ff762b2) [#​547](https://togithub.com/npm/node-semver/pull/547) avoid re-instantiating SemVer during diff compare ([#​547](https://togithub.com/npm/node-semver/issues/547)) ([@​macno](https://togithub.com/macno)) ### [`v7.4.0`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​740-httpsgithubcomnpmnode-semvercomparev738v740-2023-04-10) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.8...v7.4.0) ##### Features - [`113f513`](https://togithub.com/npm/node-semver/commit/113f51312a1a6b6aa50d4f9486b4fde21782c1f5) [#​532](https://togithub.com/npm/node-semver/pull/532) identifierBase parameter for .inc ([#​532](https://togithub.com/npm/node-semver/issues/532)) ([@​wraithgar](https://togithub.com/wraithgar), [@​b-bly](https://togithub.com/b-bly)) - [`48d8f8f`](https://togithub.com/npm/node-semver/commit/48d8f8fa63bf6e35db70ff840b6da1a51596a5a8) [#​530](https://togithub.com/npm/node-semver/pull/530) export new RELEASE_TYPES constant ([@​hcharley](https://togithub.com/hcharley)) ##### Bug Fixes - [`940723d`](https://togithub.com/npm/node-semver/commit/940723d22bca824993627c45ac30dd3d2854b8cd) [#​538](https://togithub.com/npm/node-semver/pull/538) intersects with v0.0.0 and v0.0.0-0 ([#​538](https://togithub.com/npm/node-semver/issues/538)) ([@​wraithgar](https://togithub.com/wraithgar)) - [`aa516b5`](https://togithub.com/npm/node-semver/commit/aa516b50b32f5a144017d8fc1b9efe0540963c91) [#​535](https://togithub.com/npm/node-semver/pull/535) faster parse options ([#​535](https://togithub.com/npm/node-semver/issues/535)) ([@​H4ad](https://togithub.com/H4ad)) - [`61e6ea1`](https://togithub.com/npm/node-semver/commit/61e6ea1e9b7af01baf19ab0c0a63c8e3ebfac97c) [#​536](https://togithub.com/npm/node-semver/pull/536) faster cache key factory for range ([#​536](https://togithub.com/npm/node-semver/issues/536)) ([@​H4ad](https://togithub.com/H4ad)) - [`f8b8b61`](https://togithub.com/npm/node-semver/commit/f8b8b619e71746a47852a9d301f3087ab311444f) [#​541](https://togithub.com/npm/node-semver/pull/541) optimistic parse ([#​541](https://togithub.com/npm/node-semver/issues/541)) ([@​H4ad](https://togithub.com/H4ad)) - [`796cbe2`](https://togithub.com/npm/node-semver/commit/796cbe29b06d102e1b16f3ed78eaba210ece951e) [#​533](https://togithub.com/npm/node-semver/pull/533) semver.diff prerelease to release recognition ([#​533](https://togithub.com/npm/node-semver/issues/533)) ([@​wraithgar](https://togithub.com/wraithgar), [@​dominique-blockchain](https://togithub.com/dominique-blockchain)) - [`3f222b1`](https://togithub.com/npm/node-semver/commit/3f222b144033525ca9f8a2ce5bc6e02f0401881f) [#​537](https://togithub.com/npm/node-semver/pull/537) reuse comparators on subset ([#​537](https://togithub.com/npm/node-semver/issues/537)) ([@​H4ad](https://togithub.com/H4ad)) - [`f66cc45`](https://togithub.com/npm/node-semver/commit/f66cc45c6e82eebb4b5b51af73e7b8dcaeda7e21) [#​539](https://togithub.com/npm/node-semver/pull/539) faster diff ([#​539](https://togithub.com/npm/node-semver/issues/539)) ([@​H4ad](https://togithub.com/H4ad)) ##### Documentation - [`c5d29df`](https://togithub.com/npm/node-semver/commit/c5d29df6f75741fea27fffe3b88c9c3b28e3ca73) [#​530](https://togithub.com/npm/node-semver/pull/530) Add "Constants" section to README ([@​hcharley](https://togithub.com/hcharley)) ### [`v7.3.8`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​738-httpsgithubcomnpmnode-semvercomparev737v738-2022-10-04) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.7...v7.3.8) ##### Bug Fixes - [`d8ef32c`](https://togithub.com/npm/node-semver/commit/d8ef32cee7a7e34310838f32451c9bcf52956b64) [#​383](https://togithub.com/npm/node-semver/pull/383) add support for node.js esm auto exports ([#​383](https://togithub.com/npm/node-semver/issues/383)) ([@​MylesBorins](https://togithub.com/MylesBorins)) ##### Documentation - [`7209b14`](https://togithub.com/npm/node-semver/commit/7209b14ccd7ca35b9a1077a0b67d9ce884fe6d00) [#​477](https://togithub.com/npm/node-semver/pull/477) update range.js comments to clarify the caret ranges examples ([#​477](https://togithub.com/npm/node-semver/issues/477)) ([@​amitse](https://togithub.com/amitse)) ##### [7.3.7](https://togithub.com/npm/node-semver/compare/v7.3.6...v7.3.7) (2022-04-11) ##### Bug Fixes - allow node >=10 ([85b269a](https://togithub.com/npm/node-semver/commit/85b269a90806713d2a41e8e990b0ea6bc274b171)) - **bin:** get correct value from arg separated by equals ([#​449](https://togithub.com/npm/node-semver/issues/449)) ([4ceca76](https://togithub.com/npm/node-semver/commit/4ceca76729c577166395f19172854cbbcce3cec1)), closes [#​431](https://togithub.com/npm/node-semver/issues/431) - ensure SemVer instance passed to inc are not modified ([#​427](https://togithub.com/npm/node-semver/issues/427)) ([f070dde](https://togithub.com/npm/node-semver/commit/f070dde0cc22894ac254e281cb36a79ab790272d)) - inc prerelease with numeric preid ([#​380](https://togithub.com/npm/node-semver/issues/380)) ([802e161](https://togithub.com/npm/node-semver/commit/802e16174fe2a704dba16e97891ce36dc4f2ad76)) ##### Dependencies - revert to lru-cache@6 ([22ae54d](https://togithub.com/npm/node-semver/commit/22ae54d66c2dec8200947066dbb9c33bb729b8a8)) ##### [7.3.6](https://togithub.com/npm/node-semver/compare/v7.3.5...v7.3.6) (2022-04-05) ##### Bug Fixes - [https://github.com/npm/node-semver/issues/329](https://togithub.com/npm/node-semver/issues/329) ([cb1ca1d](https://togithub.com/npm/node-semver/commit/cb1ca1d5480a6c07c12ac31ba5f2071ed530c4ed)) - properly escape dots in `GTE0` regexes ([#​432](https://togithub.com/npm/node-semver/issues/432)) ([11494f1](https://togithub.com/npm/node-semver/commit/11494f1446a907c8fa5d9cfbc9fab04d553311f5)) - replace deprecated String.prototype.substr() ([#​445](https://togithub.com/npm/node-semver/issues/445)) ([e2d55e7](https://togithub.com/npm/node-semver/commit/e2d55e79f0d288ea88c0e0ba6620fe5636a4a552)) - replace regex used to split ranges ([#​434](https://togithub.com/npm/node-semver/issues/434)) ([9ab7b71](https://togithub.com/npm/node-semver/commit/9ab7b717dd7848c639b8ce3366d2241d430cdad2)) ##### Documentation - clarify \* range behavior ([cb1ca1d](https://togithub.com/npm/node-semver/commit/cb1ca1d5480a6c07c12ac31ba5f2071ed530c4ed)) ##### Dependencies - lru-cache@7.4.0 ([#​442](https://togithub.com/npm/node-semver/issues/442)) ([9a3064c](https://togithub.com/npm/node-semver/commit/9a3064c242cdce3c1c39cae37a83d93ead363b37)) - tap@16.0.0 ([#​439](https://togithub.com/npm/node-semver/issues/439)) ([60cbb3f](https://togithub.com/npm/node-semver/commit/60cbb3fd4a4d32979f3aa0a2aa4e185753106545)) ### [`v7.3.7`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​737-httpsgithubcomnpmnode-semvercomparev736v737-2022-04-11) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.6...v7.3.7) ### [`v7.3.6`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#​736-httpsgithubcomnpmnode-semvercomparev735v736-2022-04-05) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.5...v7.3.6) ### [`v7.3.5`](https://togithub.com/npm/node-semver/compare/v7.3.4...v7.3.5) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.4...v7.3.5) ### [`v7.3.4`](https://togithub.com/npm/node-semver/compare/v7.3.3...v7.3.4) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.3...v7.3.4) ### [`v7.3.3`](https://togithub.com/npm/node-semver/compare/v7.3.2...v7.3.3) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.2...v7.3.3)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.