releaser-tools
chore(deps): update dependency semver-regex [security]
This PR contains the following updates:
Package | Type | Update | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|---|---|
semver-regex | | | 2.0.0 -> 3.1.4 | | | | |
semver-regex | dependencies | major | ^2.0.0 -> ^3.0.0 | | | | |
semver-regex | dependencies | major | ^2.0.0 -> ^3.0.0 | | | | |
GitHub Vulnerability Alerts
CVE-2021-3795
npm semver-regex is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-43307
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
Release Notes
sindresorhus/semver-regex
v3.1.4
- Backport of ReDoS fix https://github.com/sindresorhus/semver-regex/commit/7712ba564d40da101cf2b2b33e6a910d9f2f57f4
v3.1.3
v3.1.2
- Fix regex catastrophic backtracking 6baf2cc
Working around this meant accepting some obscure false-positives. I don't think it will affect any real code, but it's good to be aware of. See the disabled tests in the commit.
v3.1.1
v3.1.0
v3.0.0
Breaking:
Enhancements:
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.