Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Release Notes
npm/node-semver (semver)
### [`v7.5.2`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#752-httpsgithubcomnpmnode-semvercomparev751v752-2023-06-15)
[Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.1...v7.5.2)
##### Bug Fixes
- [`58c791f`](https://togithub.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc) [#566](https://togithub.com/npm/node-semver/pull/566) diff when detecting major change from prerelease ([#566](https://togithub.com/npm/node-semver/issues/566)) ([@lukekarrys](https://togithub.com/lukekarrys))
- [`5c8efbc`](https://togithub.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd) [#565](https://togithub.com/npm/node-semver/pull/565) preserve build in raw after inc ([#565](https://togithub.com/npm/node-semver/issues/565)) ([@lukekarrys](https://togithub.com/lukekarrys))
- [`717534e`](https://togithub.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441) [#564](https://togithub.com/npm/node-semver/pull/564) better handling of whitespace ([#564](https://togithub.com/npm/node-semver/issues/564)) ([@lukekarrys](https://togithub.com/lukekarrys))
### [`v7.5.1`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#751-httpsgithubcomnpmnode-semvercomparev750v751-2023-05-12)
[Compare Source](https://togithub.com/npm/node-semver/compare/v7.5.0...v7.5.1)
##### Bug Fixes
- [`d30d25a`](https://togithub.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab) [#559](https://togithub.com/npm/node-semver/pull/559) show type on invalid semver error ([#559](https://togithub.com/npm/node-semver/issues/559)) ([@tjenkinson](https://togithub.com/tjenkinson))
### [`v7.5.0`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#750-httpsgithubcomnpmnode-semvercomparev740v750-2023-04-17)
[Compare Source](https://togithub.com/npm/node-semver/compare/v7.4.0...v7.5.0)
##### Features
- [`503a4e5`](https://togithub.com/npm/node-semver/commit/503a4e52fe2b1c6ed1400d33149f7733c8361eed) [#548](https://togithub.com/npm/node-semver/pull/548) allow identifierBase to be false ([#548](https://togithub.com/npm/node-semver/issues/548)) ([@lsvalina](https://togithub.com/lsvalina))
##### Bug Fixes
- [`e219bb4`](https://togithub.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7) [#552](https://togithub.com/npm/node-semver/pull/552) throw on bad version with correct error message ([#552](https://togithub.com/npm/node-semver/issues/552)) ([@wraithgar](https://togithub.com/wraithgar))
- [`fc2f3df`](https://togithub.com/npm/node-semver/commit/fc2f3df0b5d25253b3580607e111a9a280d888ca) [#546](https://togithub.com/npm/node-semver/pull/546) incorrect results from diff sometimes with prerelease versions ([#546](https://togithub.com/npm/node-semver/issues/546)) ([@tjenkinson](https://togithub.com/tjenkinson))
- [`2781767`](https://togithub.com/npm/node-semver/commit/27817677794f592b592bf6181a80a4824ff762b2) [#547](https://togithub.com/npm/node-semver/pull/547) avoid re-instantiating SemVer during diff compare ([#547](https://togithub.com/npm/node-semver/issues/547)) ([@macno](https://togithub.com/macno))
### [`v7.4.0`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#740-httpsgithubcomnpmnode-semvercomparev738v740-2023-04-10)
[Compare Source](https://togithub.com/npm/node-semver/compare/v7.3.8...v7.4.0)
##### Features
- [`113f513`](https://togithub.com/npm/node-semver/commit/113f51312a1a6b6aa50d4f9486b4fde21782c1f5) [#532](https://togithub.com/npm/node-semver/pull/532) identifierBase parameter for .inc ([#532](https://togithub.com/npm/node-semver/issues/532)) ([@wraithgar](https://togithub.com/wraithgar), [@b-bly](https://togithub.com/b-bly))
- [`48d8f8f`](https://togithub.com/npm/node-semver/commit/48d8f8fa63bf6e35db70ff840b6da1a51596a5a8) [#530](https://togithub.com/npm/node-semver/pull/530) export new RELEASE_TYPES constant ([@hcharley](https://togithub.com/hcharley))
##### Bug Fixes
- [`940723d`](https://togithub.com/npm/node-semver/commit/940723d22bca824993627c45ac30dd3d2854b8cd) [#538](https://togithub.com/npm/node-semver/pull/538) intersects with v0.0.0 and v0.0.0-0 ([#538](https://togithub.com/npm/node-semver/issues/538)) ([@wraithgar](https://togithub.com/wraithgar))
- [`aa516b5`](https://togithub.com/npm/node-semver/commit/aa516b50b32f5a144017d8fc1b9efe0540963c91) [#535](https://togithub.com/npm/node-semver/pull/535) faster parse options ([#535](https://togithub.com/npm/node-semver/issues/535)) ([@H4ad](https://togithub.com/H4ad))
- [`61e6ea1`](https://togithub.com/npm/node-semver/commit/61e6ea1e9b7af01baf19ab0c0a63c8e3ebfac97c) [#536](https://togithub.com/npm/node-semver/pull/536) faster cache key factory for range ([#536](https://togithub.com/npm/node-semver/issues/536)) ([@H4ad](https://togithub.com/H4ad))
- [`f8b8b61`](https://togithub.com/npm/node-semver/commit/f8b8b619e71746a47852a9d301f3087ab311444f) [#541](https://togithub.com/npm/node-semver/pull/541) optimistic parse ([#541](https://togithub.com/npm/node-semver/issues/541)) ([@H4ad](https://togithub.com/H4ad))
- [`796cbe2`](https://togithub.com/npm/node-semver/commit/796cbe29b06d102e1b16f3ed78eaba210ece951e) [#533](https://togithub.com/npm/node-semver/pull/533) semver.diff prerelease to release recognition ([#533](https://togithub.com/npm/node-semver/issues/533)) ([@wraithgar](https://togithub.com/wraithgar), [@dominique-blockchain](https://togithub.com/dominique-blockchain))
- [`3f222b1`](https://togithub.com/npm/node-semver/commit/3f222b144033525ca9f8a2ce5bc6e02f0401881f) [#537](https://togithub.com/npm/node-semver/pull/537) reuse comparators on subset ([#537](https://togithub.com/npm/node-semver/issues/537)) ([@H4ad](https://togithub.com/H4ad))
- [`f66cc45`](https://togithub.com/npm/node-semver/commit/f66cc45c6e82eebb4b5b51af73e7b8dcaeda7e21) [#539](https://togithub.com/npm/node-semver/pull/539) faster diff ([#539](https://togithub.com/npm/node-semver/issues/539)) ([@H4ad](https://togithub.com/H4ad))
##### Documentation
- [`c5d29df`](https://togithub.com/npm/node-semver/commit/c5d29df6f75741fea27fffe3b88c9c3b28e3ca73) [#530](https://togithub.com/npm/node-semver/pull/530) Add "Constants" section to README ([@hcharley](https://togithub.com/hcharley))
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
7.3.8 -> 7.5.2
GitHub Vulnerability Alerts
CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.