Semver package security issue

[doctenahasib]

The package semver version 5.4.1 has a security issue and allows attackers to do a ReDoS. Can you please update that package to the latest version ?

https://github.com/serverless/serverless-plugin-log-retention/blob/master/package.json#L27

[hashanotrium]

Any update here? `npm audit

npm audit report

semver <5.7.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw No fix available node_modules/serverless-plugin-log-retention/node_modules/semver serverless-plugin-log-retention * Depends on vulnerable versions of semver node_modules/serverless-plugin-log-retention`

[fedeam]

Any update here? `npm audit

[openam]

I ended up just using the built-in serverless log retentions settings, and stopped using this plugin, https://www.serverless.com/framework/docs/providers/aws/guide/functions#log-group-resources