Skip to content

[Security] Bump semver and @mapbox/node-pre-gyp

Bumps semver and @mapbox/node-pre-gyp. These dependencies needed to be updated together. Updates semver from 6.3.0 to 7.5.3 This update includes a security fix.

Vulnerabilities fixed

semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Patched versions: 7.5.2 Affected versions: < 7.5.2

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

Features

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

Bug Fixes

... (truncated)

Commits
  • 7fdf1ef chore: release 7.5.3
  • bf53dd8 docs: add example for > comparator (#569)
  • abdd93d fix: set max lengths in regex for numeric and build identifiers (#571)
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates @mapbox/node-pre-gyp from 1.0.10 to 1.0.10

Changelog

Sourced from @​mapbox/node-pre-gyp's changelog.

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading