jsx-eslint / eslint-plugin-jsx-a11y

Static AST checker for a11y rules on JSX elements.
MIT License

semver pkg - ReDoS Vulnerability #958

Closed martinez-hugo closed 10 months ago

martinez-hugo commented 10 months ago

The semver package has a ReDoS vulnerability.

You have more info here: https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

This vulnerability is fixed in version 7.5.2. Do you think that you can patch this vulnerability by updating your semver dep?

ljharb commented 10 months ago

a) it's not actually a vulnerability in general; b) we're not using that code path, so it's a false positive; c) we depend on semver v6 with ^ so you can just update your lockfiles.