[Security] Bump semver and @mapbox/node-pre-gyp
Bumps semver and @mapbox/node-pre-gyp. These dependencies needed to be updated together.
Updates semver
from 7.3.7 to 7.5.3 This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 7.5.2 Affected versions: < 7.5.2
Release notes
Sourced from semver's releases.
v7.5.3
7.5.3 (2023-06-22)
Bug Fixes
abdd93d
#571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys
)Documentation
v7.5.2
7.5.2 (2023-06-15)
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys
)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys
)717534e
#564 better handling of whitespace (#564) (@lukekarrys
)v7.5.1
7.5.1 (2023-05-12)
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson
)v7.5.0
7.5.0 (2023-04-17)
Features
503a4e5
#548 allow identifierBase to be false (#548) (@lsvalina
)Bug Fixes
e219bb4
#552 throw on bad version with correct error message (#552) (@wraithgar
)fc2f3df
#546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson
)2781767
#547 avoid re-instantiating SemVer during diff compare (#547) (@macno
)v7.4.0
7.4.0 (2023-04-10)
Features
113f513
#532 identifierBase parameter for .inc (#532) (@wraithgar
,@b-bly
)48d8f8f
#530 export new RELEASE_TYPES constant (@hcharley
)Bug Fixes
... (truncated)
Changelog
Sourced from semver's changelog.
7.5.3 (2023-06-22)
Bug Fixes
abdd93d
#571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys
)Documentation
7.5.2 (2023-06-15)
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys
)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys
)717534e
#564 better handling of whitespace (#564) (@lukekarrys
)7.5.1 (2023-05-12)
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson
)7.5.0 (2023-04-17)
Features
503a4e5
#548 allow identifierBase to be false (#548) (@lsvalina
)Bug Fixes
e219bb4
#552 throw on bad version with correct error message (#552) (@wraithgar
)fc2f3df
#546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson
)2781767
#547 avoid re-instantiating SemVer during diff compare (#547) (@macno
)7.4.0 (2023-04-10)
Features
113f513
#532 identifierBase parameter for .inc (#532) (@wraithgar
,@b-bly
)48d8f8f
#530 export new RELEASE_TYPES constant (@hcharley
)Bug Fixes
940723d
#538 intersects with v0.0.0 and v0.0.0-0 (#538) (@wraithgar
)aa516b5
#535 faster parse options (#535) (@H4ad
)61e6ea1
#536 faster cache key factory for range (#536) (@H4ad
)f8b8b61
#541 optimistic parse (#541) (@H4ad
)796cbe2
#533 semver.diff prerelease to release recognition (#533) (@wraithgar
,@dominique-blockchain
)
... (truncated)
Commits
-
7fdf1ef
chore: release 7.5.3 -
bf53dd8
docs: add example for>
comparator (#569) -
abdd93d
fix: set max lengths in regex for numeric and build identifiers (#571) -
e7b78de
chore: release 7.5.2 -
58c791f
fix: diff when detecting major change from prerelease (#566) -
5c8efbc
fix: preserve build in raw after inc (#565) -
717534e
fix: better handling of whitespace (#564) -
2f738e9
chore: bump@npmcli/template-oss
from 4.14.1 to 4.15.1 (#558) -
aa016a6
chore: release 7.5.1 -
d30d25a
fix: show type on invalid semver error (#559) - Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.
Updates @mapbox/node-pre-gyp
from 1.0.9 to 1.0.9
Changelog
Sourced from @mapbox/node-pre-gyp
's changelog.
Commits
- See full diff in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts