mapbox / node-pre-gyp

Node.js tool for easy binary deployment of C++ addons
BSD 3-Clause "New" or "Revised" License
1.11k stars 260 forks

Upgrade to semver > 7.5.2 #696

Closed chetan1507 closed 1 month ago

chetan1507 commented 12 months ago

The current version of semver has the following security vulnerability. Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

---ISSUE DETAILS---
IssueId: CVE-2022-25883
Severity: MEDIUM

Requesting to upgrade the version to > 7.5.2
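
A defender-side check for the condition described in this issue, as an added example that is not part of the original thread or the project's code: it scans an npm lockfile's `packages` map for installed `semver` copies older than 7.5.2. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list installed semver copies older than a minimum version
// in an npm lockfile (lockfileVersion 2/3 "packages" map).
// Assumption: one threshold, 7.5.2, as stated in the issue; pass another if needed.
const MIN_FIXED = '7.5.2';

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null if malformed.
function parseVersion(v) {
  if (typeof v !== 'string' || v.length > 64) return null;
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when a sorts before b; a prerelease sorts before its own release.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

function findOldSemver(lock, minFixed = MIN_FIXED) {
  const min = parseVersion(minFixed);
  if (!min) throw new TypeError('bad minimum version');
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Top-level and nested copies; "semver-diff" and the like do not match.
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    const ver = parseVersion(meta.version);
    // Unparseable versions are reported as well so they get checked by hand.
    if (!ver || isBefore(ver, min)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (versions chosen for illustration).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/semver': { version: '7.6.0' },
    'node_modules/@mapbox/node-pre-gyp/node_modules/semver': { version: '7.3.8' },
    'node_modules/example-dep/node_modules/semver': { version: '6.3.0' },
    'node_modules/semver-diff': { version: '4.0.0' },
  },
};

console.log(findOldSemver(sampleLock));
```

Nested copies matter here because a transitive dependency can pin its own `semver` even after the top-level one is upgraded.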

srinivas365 commented 11 months ago

https://github.com/mapbox/node-pre-gyp/pull/699

Please merge this commit