Elliot Rice
It's still listing as an issue in version 3.0.1 in tools like Meterian. The [GitHub advisory](https://github.com/advisories/GHSA-x4w5-r546-x9qh) seems to contradict itself, saying that 3.0.1 patches the issue but also stating: "No...
Included a bit of a simpler example below to help get to the root of the issue:

```yaml
openapi: 3.0.0
info:
  description: Example issue
  version: 1.0.4
  title: Mock Server...
```
@antongolub, as we're using `"multi-semantic-release": "^2.5.3"` in our project, can we simply hot swap to `"@qiwi/multi-semantic-release": "3.12.2"` or should we wait until the fix makes it upstream to `dhoulb/multi-semantic-release`?
Our first release since switching has upgraded the changelog and dependencies correctly. However the second release exhibited the familiar problem: 
@antongolub, Sure. We use the `release` section in the `packages.json` rather than a `.releaserc`. I included these on the original issue I logged [dhoulb#47](https://github.com/dhoulb/multi-semantic-release/issues/47). Those settings haven't changed.
FYI, we're now using [semantic-release-monorepo](https://github.com/pmowrer/semantic-release-monorepo), which doesn't attempt to update package references, so it avoids this problem. We leave references as `~1.x` so that the latest package is always referenced.