[Security] Bump semver and @mapbox/node-pre-gyp
Bumps semver and @mapbox/node-pre-gyp. These dependencies needed to be updated together.
Updates semver
from 6.3.1 to 7.5.4 This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 7.5.2 Affected versions: < 7.5.2
Release notes
Sourced from semver's releases.
v7.5.4
7.5.4 (2023-07-07)
Bug Fixes
cc6fde2
#588 trim each range set before parsing (@lukekarrys
)99d8287
#583 correctly parse long build ids as valid (#583) (@lukekarrys
)v7.5.3
7.5.3 (2023-06-22)
Bug Fixes
abdd93d
#571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys
)Documentation
v7.5.2
7.5.2 (2023-06-15)
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys
)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys
)717534e
#564 better handling of whitespace (#564) (@lukekarrys
)v7.5.1
7.5.1 (2023-05-12)
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson
)v7.5.0
7.5.0 (2023-04-17)
Features
503a4e5
#548 allow identifierBase to be false (#548) (@lsvalina
)Bug Fixes
e219bb4
#552 throw on bad version with correct error message (#552) (@wraithgar
)fc2f3df
#546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson
)2781767
#547 avoid re-instantiating SemVer during diff compare (#547) (@macno
)v7.4.0
7.4.0 (2023-04-10)
... (truncated)
Changelog
Sourced from semver's changelog.
7.5.4 (2023-07-07)
Bug Fixes
cc6fde2
#588 trim each range set before parsing (@lukekarrys
)99d8287
#583 correctly parse long build ids as valid (#583) (@lukekarrys
)7.5.3 (2023-06-22)
Bug Fixes
abdd93d
#571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys
)Documentation
7.5.2 (2023-06-15)
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys
)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys
)717534e
#564 better handling of whitespace (#564) (@lukekarrys
)7.5.1 (2023-05-12)
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson
)7.5.0 (2023-04-17)
Features
503a4e5
#548 allow identifierBase to be false (#548) (@lsvalina
)Bug Fixes
e219bb4
#552 throw on bad version with correct error message (#552) (@wraithgar
)fc2f3df
#546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson
)2781767
#547 avoid re-instantiating SemVer during diff compare (#547) (@macno
)7.4.0 (2023-04-10)
Features
113f513
#532 identifierBase parameter for .inc (#532) (@wraithgar
,@b-bly
)48d8f8f
#530 export new RELEASE_TYPES constant (@hcharley
)
... (truncated)
Commits
-
36cd334
chore: release 7.5.4 -
8456d87
chore: postinstall for dependabot template-oss PR -
dde1f00
chore: postinstall for dependabot template-oss PR -
dffcd1b
chore: bump@npmcli/template-oss
from 4.16.0 to 4.17.0 -
d619f66
chore: postinstall for dependabot template-oss PR -
3bc4247
chore: bump@npmcli/template-oss
from 4.15.1 to 4.16.0 -
cc6fde2
fix: trim each range set before parsing -
99d8287
fix: correctly parse long build ids as valid (#583) -
4f0f6b1
chore: fix arguments in whitespace test (#574) -
6bd1a37
chore: remove duplicate test in semver class (#575) - Additional commits viewable in compare view
Updates @mapbox/node-pre-gyp
from 1.0.10 to 1.0.10
Changelog
Sourced from @mapbox/node-pre-gyp
's changelog.
Commits
- See full diff in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts