Closed Reni88 closed 6 months ago
This is strange, because nodemon has been using semver@^7.5.3 for over 6 months (as you can see from this commit back in June: https://github.com/remy/nodemon/commit/083b4a6c3e0cd12605c47d5837499edf9b4f81b2 ).
Are you sure, or is this just a randomly generated output from your command line that happens to be out of date?
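One way to check which copies of semver a project's lockfile actually resolves, and whether each falls inside the `^7.5.3` range mentioned above. This is an added example, not code from nodemon or from anyone in this thread. The lockfile content and the package name `example-notifier` are constructed, and pre-release tags are ignored.

```javascript
// Constructed npm lockfile (v3 layout) with two resolved copies of semver.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/semver": { version: "7.5.3" },
    "node_modules/example-notifier": { version: "1.0.0" }, // hypothetical package
    "node_modules/example-notifier/node_modules/semver": { version: "7.0.0" },
  },
};

// Parse "X.Y.Z" into [X, Y, Z]; anything after the patch number is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Caret range for a base with major > 0: same major, and version >= base.
function satisfiesCaret(version, base) {
  const a = parseVersion(version);
  const b = parseVersion(base);
  if (a[0] !== b[0]) return false;
  for (let i = 1; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] > b[i];
  }
  return true;
}

// List every resolved copy of `name`, the package that owns it, and range status.
function findCopies(lock, name, caretBase) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({
      path,
      owner: path === suffix
        ? "(top level)"
        : path.slice(0, -suffix.length - 1).split("node_modules/").pop(),
      version: meta.version,
      inRange: satisfiesCaret(meta.version, caretBase),
    }));
}

for (const c of findCopies(sampleLock, "semver", "7.5.3")) {
  console.log(`${c.version} via ${c.owner}: ${c.inRange ? "in" : "outside"} ^7.5.3`);
}
```

A copy reported outside the range points at the owning package, which is the one to upgrade or override.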
This issue has been automatically marked as idle and stale because it hasn't had any recent activity. It will be automatically closed if no further activity occurs. If you think this is wrong, or the problem still persists, just pop a reply in the comments and @remy will (try!) to follow up. Thank you for contributing <3
Hi @remy, thank you for the response. Yes, we concluded that we are not using the version with that commit. We will update the package to include this. Thank you again!
Hi,
Good day. Just wanted to inform you that we encountered a security issue in one of nodemon's dependencies for its version 2.0.22:
Dependency: semver
Version: 7.0.0
It is raised under this CVE ID: CVE-2022-25883
If this was already discussed and a resolution was already delivered, let us know. Thank you.