fix: SNYK-JS-SEMVER-3247795 security vulnerability fix

Madhust commented 12 months ago

This PR upgrades the semver package to the latest to resolve the synk vulnerability issue.

https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

Checklist

[x] I have ensured my pull request is not behind the main or master branch of the original repository.
[x] I have rebased all commits where necessary so that reviewing this pull request can be done without having to merge it first.
[x] I have written a commit message that passes commitlint linting.
[x] I have ensured that my code changes pass linting tests.
[x] I have ensured that my code changes pass unit tests.
[x] I have described my pull request and the reasons for code changes along with context if necessary.

titanism commented 12 months ago

This is not a vulnerability.

naile commented 3 months ago

@titanism I assume you mean it's not applicable in this library? Still, it would be great to update to avoid false positives when this library is used. Right now across all repos using this library this dependency is flagged by Snyk, Dependabot, Renovate and the likes. This then requires manual sign-off that it's not applicable.

ladjs / superagent

fix: SNYK-JS-SEMVER-3247795 security vulnerability fix #1771

Checklist