node-red-node-test-helper Dependency semver should be updated to version 7.5.2 or later (7.5.4)

Dependency semver should be updated to version 7.5.2 or later (7.5.4)

Open hlovdal opened this issue 2 years ago • 0 comments

https://github.com/npm/node-semver/blob/main/CHANGELOG.md https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

$ npm audit
# npm audit report

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-red-node-test-helper/node_modules/semver
  node-red-node-test-helper  >=0.2.4
  Depends on vulnerable versions of semver
  node_modules/node-red-node-test-helper

2 moderate severity vulnerabilities
...
$

Sep 17 '23 23:09 hlovdal

node-red-node-test-helper node-red-node-test-helper copied to clipboard

Dependency semver should be updated to version 7.5.2 or later (7.5.4)

node-red-node-test-helper
node-red-node-test-helper copied to clipboard