Closed Madhust closed 12 months ago
This is not a vulnerability.
@titanism I assume you mean it's not applicable in this library? Still, it would be great to update to avoid false positives when this library is used. Right now across all repos using this library this dependency is flagged by Snyk, Dependabot, Renovate and the likes. This then requires manual sign-off that it's not applicable.
This PR upgrades the
semver
package to the latest to resolve the synk vulnerability issue.https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
Checklist