launchdarkly / node-server-sdk

LaunchDarkly Server-side SDK for Node

Bump semver from 7.3.0 to 7.5.4 #285

Closed Nicholas-Arthur-Cook closed 1 year ago

Nicholas-Arthur-Cook commented 1 year ago

Requirements

Related issues

CVE-2022-25883

Describe the solution you've provided

The security warning CVE-2022-25883 mentions that there was a ReDoS through semver's Range function, which is not used in this codebase. However, having the old version causes security warnings for tools that use the launchdarkly-node-server-sdk npm package.

Describe alternatives you've considered

An alternative is waiting for the LaunchDarkly SDK team to update this themselves, or opening an issue to track this, but since it's a minor patch bump, I thought this was the most convenient way.

Additional context

n/a

kinyoklion commented 1 year ago

Hello @Nicholas-Arthur-Cook,

Thank you for the contribution.

As an aside, the most recent version of this package is already using 7.5.4. Development has moved to: https://github.com/launchdarkly/js-core/tree/main/packages/sdk/server-node

And the package is now @launchdarkly/node-server-sdk.

Relevant package.json: https://github.com/launchdarkly/js-core/blob/36eb906e4cb77277b0d11ffb2488050c87b41026/packages/shared/sdk-server/package.json#L32C22-L32C22

The 7.x SDK has long term support, so bumping the minimum here will still be done.

It is worth noting that it isn't pinned to a minor, so an actual install will likely have a newer version, unless a package lock is forcing this version.

Thanks, Ryan
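The PR description above flags an old `semver` that the SDK's code never actually exercises, and Ryan's reply points out that what gets installed depends on the caller's package lock rather than the declared `^7.3.0` range. The script below is an added example (it is not part of this PR or of LaunchDarkly's code) showing how a consumer can check what their lockfile really resolves: it walks every `node_modules/.../semver` entry in a `package-lock.json` (lockfileVersion 3 `packages` layout is assumed), reports which dependency pulled each copy in, and flags copies below 7.5.4, the version this PR bumps to. The lockfile contents are constructed for the example, and the version comparison is a deliberately minimal x.y.z comparator rather than the semver library itself.

```javascript
// Added example: audit every copy of the `semver` package recorded in a
// package-lock.json and flag the ones below the version the PR bumps to.
// The lockfile below is constructed for this example; it is not the SDK's
// own lockfile, and the nested versions are illustrative only.
const CONSTRUCTED_LOCKFILE = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "launchdarkly-node-server-sdk": "7.0.2" } },
    "node_modules/launchdarkly-node-server-sdk": {
      version: "7.0.2",
      dependencies: { semver: "^7.3.0" },
    },
    // A nested copy forced to the old release by the lockfile.
    "node_modules/launchdarkly-node-server-sdk/node_modules/semver": { version: "7.3.0" },
    // The hoisted copy, already on the bumped release.
    "node_modules/semver": { version: "7.5.4" },
    // Another tool carrying its own, older major.
    "node_modules/some-other-tool/node_modules/semver": { version: "6.3.1" },
  },
});

// Minimal comparison for plain x.y.z strings (no prerelease or build
// metadata handling). Returns negative, zero or positive like strcmp.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every installed copy of `pkgName`: its lockfile path, the resolved
// version, and the package that pulled it in ("<root>" for the hoisted copy).
function findInstalledCopies(lockfileJson, pkgName) {
  const lock = JSON.parse(lockfileJson);
  const suffix = "node_modules/" + pkgName;
  const copies = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match only the exact package, not e.g. `semver-regex` or `@types/semver`.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const parent =
      path.slice(0, path.length - suffix.length).replace(/\/$/, "") || "<root>";
    copies.push({ path, version: entry.version, parent });
  }
  return copies;
}

// Flag copies below `minVersion`. A fresh install of a `^7.3.0` range may well
// resolve a newer release, but the lockfile records what actually ships.
function auditPackage(lockfileJson, pkgName, minVersion) {
  return findInstalledCopies(lockfileJson, pkgName)
    .filter((c) => compareVersions(c.version, minVersion) < 0)
    .map((c) => ({ ...c, required: minVersion }));
}

// Run against the constructed lockfile; swap in fs.readFileSync("package-lock.json")
// to check a real project.
const findings = auditPackage(CONSTRUCTED_LOCKFILE, "semver", "7.5.4");
for (const f of findings) {
  console.log(`${f.path}: ${f.version} < ${f.required} (pulled in by ${f.parent})`);
}
```

The point of reporting the parent path is the one Ryan makes: a warning from a scanner often comes from a nested copy a lockfile has frozen, not from the hoisted one, so knowing which dependency owns the stale copy tells you whether a `npm update` of that subtree or an upstream bump like this PR is the right fix.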

kinyoklion commented 1 year ago

@Nicholas-Arthur-Cook Released in 7.0.3.