Skip to content

Dependency semver should be updated to version 7.5.2 or later (7.5.4) #68

New issue
New issue
Open
Open
Dependency semver should be updated to version 7.5.2 or later (7.5.4)#68
@hlovdal

Description

@hlovdal
hlovdal
opened on Sep 17, 2023

https://github.com/npm/node-semver/blob/main/CHANGELOG.md
GHSA-c2qf-rxjj-qqgw

$ npm audit
# npm audit report

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install node-red-node-test-helper@0.2.3, which is a breaking change
node_modules/node-red-node-test-helper/node_modules/semver
  node-red-node-test-helper  >=0.2.4
  Depends on vulnerable versions of semver
  node_modules/node-red-node-test-helper

2 moderate severity vulnerabilities
...
$

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions