[Security] Bump semver from 5.7.1 to 5.7.2 in /frontend
Bumps semver from 5.7.1 to 5.7.2. This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 5.7.2
Affected versions: < 5.7.2
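An added example (not part of the Dependabot MR or the semver project): a JavaScript check that applies the affected-version rule stated above to every copy of semver recorded in a lockfile, since a bump in one place can leave nested copies behind. It assumes an npm package-lock.json in the v2/v3 layout (a packages map keyed by install path); isAffected, auditLockfile and the sample lockfile are constructed for illustration.

```javascript
// Added example: classify installed semver versions against the advisory's
// affected ranges. Uses its own minimal x.y.z comparison, so it never hands
// input to the (possibly vulnerable) semver package.

// First patched release per major line, as stated in the advisory text.
const PATCHED = { 7: [7, 5, 2], 6: [6, 3, 1] };
const PATCHED_OTHER = [5, 7, 2]; // "all other versions before 5.7.2"

// Anchored, bounded pattern: three numeric fields, optional prerelease/build.
function parseVersion(v) {
  const m = /^(\d{1,9})\.(\d{1,9})\.(\d{1,9})(-[0-9A-Za-z.-]{1,64})?(\+[0-9A-Za-z.-]{1,64})?$/.exec(String(v));
  return m && { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns true (affected), false (patched) or null (unparseable version).
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  const c = compare(v.nums, PATCHED[v.nums[0]] || PATCHED_OTHER);
  return c < 0 || (c === 0 && v.pre); // a prerelease of the fix sorts before it
}

// Walk the lockfile's "packages" map and report every top-level or nested semver.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    findings.push({ path, version: meta.version, affected: isAffected(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile (not taken from this MR).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "frontend" },
  "node_modules/semver": { version: "5.7.1" },
  "node_modules/a/node_modules/semver": { version: "6.3.1" },
  "node_modules/b/node_modules/semver": { version: "7.5.1" },
  "node_modules/semver-diff": { version: "3.1.1" },
}};

console.log(auditLockfile(sampleLock));
```

A null result means the recorded version string did not parse and should be reviewed by hand rather than treated as safe.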
Release notes
Sourced from semver's releases.
v5.7.2
5.7.2 (2023-07-10)
Bug Fixes
- 2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)
Changelog
Sourced from semver's changelog.
5.7.2 (2023-07-10)
Bug Fixes
- 2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)
5.7
- Add minVersion method
5.6
- Move boolean loose param to an options object, with backwards-compatibility protection.
- Add ability to opt out of special prerelease version handling with the includePrerelease option flag.
5.5
- Add version coercion capabilities
5.4
- Add intersection checking
5.3
- Add minSatisfying method
5.2
- Add prerelease(v) that returns prerelease components
5.1
- Add Backus-Naur for ranges
- Remove excessively cute inspection methods
5.0
- Remove AMD/Browserified build artifacts
- Fix ltr and gtr when using the * range
- Fix for range * with a prerelease identifier
Commits
Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
- $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts