-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade semver
to fix vulnerability
#2806
Comments
Like most CVEs, it's a false positive. We're not using We can't ever bump the semver version because v7 drops support for engines we support, so unless the fix is backported to v6, it'll just have to remain a false positive. |
@ljharb apologies for the duplicate 🙈 And the explanation is sensible...appreciate it 🙏 |
This was referenced Jun 27, 2023
Closed
Closed
This was referenced Jul 3, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is a vulnerability with
semver
<7.5.2
:GHSA-c2qf-rxjj-qqgw
The solution is to upgrade
semver
to7.5.3
which includes a patch to fix the vulnerability.The text was updated successfully, but these errors were encountered: