ember-cli-version-checker

Bump semver to ^7.5.3 to resolve security vulnerability

Open Tyharo1 opened this issue 1 year ago • 1 comments

The current version of semver being used has a ReDoS security vulnerability detected by Snyk. A more recent version of semver resolved this issue (v7.5.2 and above). I bumped the semver version to its latest to resolve the vulnerability (v7.5.3).

For further details on this vulnerability you can view Snyk's details on it here

Tyharo1, Jun 26 '23 15:06

@rwjblue You appear to be the most active in this code base. Is there a specific contributor I should tag to potentially discuss/review this PR?

Tyharo1, Jun 28 '23 15:06