jfrog / jfrog-vscode-extension

JFrog VS-Code Extension
https://jfrog.github.io/jfrog-vscode-extension
Apache License 2.0

[🐸 Frogbot] Update version of semver to [5.7.2] #389

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago
[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/vulnerabilitiesFixBannerPR.png)](https://github.com/jfrog/frogbot#readme)

📦 Vulnerable Dependencies

✍️ Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS |
| :---: | :---: | :---: | :---: | :---: |
| ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableHighSeverity.png) High | Undetermined | ovsx:0.5.2, semver:7.3.8, @typescript-eslint/parser:5.59.1, keytar:7.9.0, vsce:2.15.0, @typescript-eslint/eslint-plugin:5.59.1, ts-loader:9.4.2 | semver:7.3.8 | [5.7.2], [6.3.1], [7.5.2] |

👇 Details

Description:

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function `new Range`, when untrusted user data is provided as a range.

[JFrog Frogbot](https://github.com/jfrog/frogbot#readme)