fix(deps): update dependency semver to v7.5.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
semver	7.3.5 -> 7.5.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-25883

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

---

Release Notes

npm/node-semver (semver)

v7.5.2

Compare Source

Bug Fixes

• 58c791f #​566 diff when detecting major change from prerelease (#​566) (@​lukekarrys)
• 5c8efbc #​565 preserve build in raw after inc (#​565) (@​lukekarrys)
• 717534e #​564 better handling of whitespace (#​564) (@​lukekarrys)

v7.5.1

Compare Source

Bug Fixes

• d30d25a #​559 show type on invalid semver error (#​559) (@​tjenkinson)

v7.5.0

Compare Source

Features

• 503a4e5 #​548 allow identifierBase to be false (#​548) (@​lsvalina)

Bug Fixes

• e219bb4 #​552 throw on bad version with correct error message (#​552) (@​wraithgar)
• fc2f3df #​546 incorrect results from diff sometimes with prerelease versions (#​546) (@​tjenkinson)
• 2781767 #​547 avoid re-instantiating SemVer during diff compare (#​547) (@​macno)

v7.4.0

Compare Source

Features

• 113f513 #​532 identifierBase parameter for .inc (#​532) (@​wraithgar, @​b-bly)
• 48d8f8f #​530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #​538 intersects with v0.0.0 and v0.0.0-0 (#​538) (@​wraithgar)
• aa516b5 #​535 faster parse options (#​535) (@​H4ad)
• 61e6ea1 #​536 faster cache key factory for range (#​536) (@​H4ad)
• f8b8b61 #​541 optimistic parse (#​541) (@​H4ad)
• 796cbe2 #​533 semver.diff prerelease to release recognition (#​533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #​537 reuse comparators on subset (#​537) (@​H4ad)
• f66cc45 #​539 faster diff (#​539) (@​H4ad)

Documentation

• c5d29df #​530 Add "Constants" section to README (@​hcharley)

v7.3.8

Compare Source

Bug Fixes

• d8ef32c #​383 add support for node.js esm auto exports (#​383) (@​MylesBorins)

Documentation

• 7209b14 #​477 update range.js comments to clarify the caret ranges examples (#​477) (@​amitse)

7.3.7 (2022-04-11)

Bug Fixes

• allow node >=10 (85b269a)
• bin: get correct value from arg separated by equals (#​449) (4ceca76), closes #​431
• ensure SemVer instance passed to inc are not modified (#​427) (f070dde)
• inc prerelease with numeric preid (#​380) (802e161)

Dependencies

• revert to lru-cache@6 (22ae54d)

7.3.6 (2022-04-05)

Bug Fixes

• https://github.com/npm/node-semver/issues/329 (cb1ca1d)
• properly escape dots in GTE0 regexes (#​432) (11494f1)
• replace deprecated String.prototype.substr() (#​445) (e2d55e7)
• replace regex used to split ranges (#​434) (9ab7b71)

Documentation

• clarify * range behavior (cb1ca1d)

Dependencies

• lru-cache@7.4.0 (#​442) (9a3064c)
• tap@16.0.0 (#​439) (60cbb3f)

v7.3.7

Compare Source

v7.3.6

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/helper-environment-visitor@7.22.20	None	0	6.56 kB	nicolo-ribaudo
npm/@babel/helper-string-parser@7.24.1	None	0	31.7 kB	nicolo-ribaudo
npm/@babel/helper-validator-identifier@7.22.20	None	0	49.1 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.23.5	None	0	11.7 kB	nicolo-ribaudo
npm/@babel/parser@7.24.4	None	0	1.88 MB	nicolo-ribaudo
npm/@bcoe/v8-coverage@0.2.3	None	0	277 kB	bcoe
npm/@istanbuljs/schema@0.1.3	None	0	17.2 kB	coreyfarrell
npm/@jridgewell/resolve-uri@3.1.2	None	0	53.2 kB	jridgewell
npm/@jridgewell/set-array@1.2.1	None	0	17.9 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.4.15	None	0	45.9 kB	jridgewell
npm/@sinclair/typebox@0.27.8	None	0	442 kB	sinclair
npm/@tsconfig/node10@1.0.9	None	0	2.39 kB	typescript-deploys
npm/@tsconfig/node12@1.0.11	None	0	2.5 kB	typescript-deploys
npm/@tsconfig/node14@1.0.3	None	0	2.39 kB	typescript-deploys
npm/@tsconfig/node16@1.0.4	None	0	2.45 kB	typescript-deploys
npm/@types/istanbul-lib-coverage@2.0.6	None	0	5.45 kB	types
npm/@types/json5@0.0.29	None	0	3 kB	types
npm/@types/prettier@2.7.3	None	0	49.8 kB	types
npm/@types/stack-utils@2.0.3	None	0	6.43 kB	types
npm/@types/yargs-parser@21.0.3	None	0	8.65 kB	types
npm/abab@2.0.6	None	0	10.4 kB	jeffcarp
npm/acorn-walk@7.2.0	None	0	100 kB	marijn
npm/ansi-colors@4.1.3	environment	0	26.1 kB	jonschlinkert
npm/arg@4.1.3	None	0	12.9 kB	qix
npm/array-flatten@1.1.1	None	0	4.42 kB	blakeembrey
npm/astral-regex@2.0.0	None	0	3.4 kB	kevva
npm/asynckit@0.4.0	None	0	27.4 kB	alexindigo
npm/base64-js@1.5.1	None	0	9.62 kB	feross
npm/bowser@2.11.0	None	0	217 kB	lancedikson
npm/browser-process-hrtime@1.0.0	None	0	3.52 kB	kumavis
npm/callsites@3.1.0	None	0	6.33 kB	sindresorhus
npm/char-regex@1.0.2	None	0	4.96 kB	richienb
npm/cjs-module-lexer@1.2.3	None	0	139 kB	guybedford
npm/clean-stack@2.2.0	None	0	5.51 kB	sindresorhus
npm/cli-boxes@2.2.1	None	0	6.14 kB	sindresorhus
npm/clone@1.0.4	None	0	11.1 kB	pvorb
npm/co@4.6.0	None	0	16 kB	jongleberry
npm/collect-v8-coverage@1.0.2	unsafe	0	5.14 kB	simenb
npm/convert-source-map@1.9.0	filesystem	0	11.4 kB	thlorenz
npm/cookie-signature@1.0.6	None	0	3.94 kB	natevw
npm/create-require@1.1.1	filesystem, unsafe	0	6.25 kB	pi0
npm/cssom@0.4.4	None	0	48.7 kB	nv
npm/decimal.js@10.4.3	None	0	283 kB	mikemcl
npm/deep-extend@0.6.0	None	0	9.19 kB	unclechu
npm/deep-is@0.1.4	None	0	8.11 kB	thlorenz
npm/deepmerge@4.3.1	None	0	31.2 kB	tehshrike
npm/delayed-stream@1.0.0	None	0	8.02 kB	apechimp
npm/depd@2.0.0	environment, eval	0	27.1 kB	dougwilson
npm/detect-newline@3.1.0	None	0	3.77 kB	sindresorhus
npm/diff-sequences@27.5.1	None	0	53 kB	simenb
npm/diff@4.0.2	None	0	335 kB	kpdecker
npm/ee-first@1.1.1	None	0	6.26 kB	dougwilson
npm/electron-to-chromium@1.4.736	None	0	285 kB	kilianvalkhof
npm/emittery@0.8.1	None	0	35.5 kB	sindresorhus
npm/encodeurl@1.0.2	None	0	7.86 kB	dougwilson
npm/es6-promise@4.2.8	None	0	315 kB	stefanpenner
npm/escape-html@1.0.3	None	0	3.66 kB	dougwilson
npm/etag@1.8.1	filesystem	0	10.8 kB	dougwilson
npm/eventemitter3@4.0.7	None	0	38 kB	lpinca
npm/exit@0.1.2	None	0	59.8 kB	cowboy
npm/extend@3.0.2	None	0	23.5 kB	ljharb
npm/fast-levenshtein@2.0.6	None	0	9.44 kB	hiddentao
npm/forwarded@0.2.0	None	0	5.88 kB	dougwilson
npm/fresh@0.5.2	None	0	10.1 kB	dougwilson
npm/fsevents@2.3.3	None	0	173 kB	pipobscure
npm/functions-have-names@1.2.3	None	0	16.7 kB	ljharb
npm/gensync@1.0.0-beta.2	None	0	28.9 kB	loganfsmyth
npm/get-package-type@0.1.0	filesystem	0	6.01 kB	coreyfarrell
npm/has-bigints@1.0.2	None	0	12.8 kB	ljharb
npm/has-proto@1.0.3	None	0	12 kB	ljharb
npm/has-symbols@1.0.3	None	0	20.6 kB	ljharb
npm/html-escaper@2.0.2	None	0	13.1 kB	webreflection
npm/ieee754@1.2.1	None	0	6.8 kB	feross
npm/ipaddr.js@1.9.1	None	0	42.1 kB	whitequark
npm/is-callable@1.2.7	None	0	28.9 kB	ljharb
npm/is-docker@2.2.1	filesystem	0	3.01 kB	sindresorhus
npm/is-generator-fn@2.1.0	None	0	3.28 kB	sindresorhus
npm/is-interactive@1.0.0	None	0	4.62 kB	sindresorhus
npm/is-negative-zero@2.0.3	None	0	27.1 kB	ljharb
npm/is-number@7.0.0	None	0	9.62 kB	jonschlinkert
npm/is-potential-custom-element-name@1.0.1	None	0	3.92 kB	mathias
npm/is-typedarray@1.0.0	None	0	4.41 kB	hughsk
npm/is-unicode-supported@0.1.0	None	0	3.54 kB	sindresorhus
npm/istanbul-lib-coverage@3.2.2	None	0	34.4 kB	oss-bot
npm/jest-get-type@27.5.1	None	0	3.81 kB	simenb
npm/jest-regex-util@27.5.1	None	0	3.37 kB	simenb
npm/js-tokens@4.0.0	None	0	15.1 kB	lydell
npm/jsesc@2.5.2	None	0	32 kB	mathias
npm/json-parse-better-errors@1.0.2	None	0	6.7 kB	zkat
npm/json5@2.2.3	None	0	235 kB	jordanbtucker
npm/kleur@3.0.3	None	0	9.89 kB	lukeed
npm/leven@3.1.0	None	0	5.34 kB	sindresorhus
npm/lodash.get@4.4.2	None	0	26.5 kB	jdalton
npm/lodash.memoize@4.1.2	None	0	20.1 kB	jdalton
npm/make-error@1.3.6	None	0	12.4 kB	julien-f
npm/media-typer@0.3.0	None	0	11.1 kB	dougwilson
npm/merge-descriptors@1.0.1	None	0	4.89 kB	dougwilson
npm/methods@1.1.2	network	0	5.29 kB	dougwilson
npm/mime-db@1.52.0	None	0	206 kB	dougwilson
npm/mime@1.6.0	environment, filesystem	0	51.7 kB	broofa
npm/mimic-fn@2.1.0	None	0	4.46 kB	sindresorhus
npm/node-int64@0.4.0	None	0	16.3 kB	broofa
npm/node-releases@2.0.14	None	0	34 kB	chicoxyzzy
npm/normalize-path@3.0.0	None	0	9.22 kB	jonschlinkert
npm/nwsapi@2.2.7	None	0	209 kB	diego
npm/object-inspect@1.13.1	None	0	97.2 kB	ljharb
npm/object-keys@1.1.1	None	0	26.5 kB	ljharb
npm/p-finally@1.0.0	None	0	3.11 kB	sindresorhus
npm/parse5@6.0.1	None	0	331 kB	inikulin
npm/parseurl@1.3.3	None	0	10.3 kB	dougwilson
npm/path-parse@1.0.7	None	0	4.51 kB	jbgutierrez
npm/path-to-regexp@0.1.7	None	0	6.78 kB	blakeembrey
npm/picocolors@1.0.0	environment	0	5.66 kB	alexeyraspopov
npm/pirates@4.0.6	unsafe	0	13.5 kB	danez
npm/proxy-from-env@1.1.0	environment	0	29.5 kB	rob-w
npm/psl@1.9.0	None	0	461 kB	lupomontero
npm/punycode@2.3.1	None	0	33.5 kB	google-wombot
npm/pure-rand@6.1.0	None	0	84 kB	ndubien
npm/querystringify@2.2.0	None	0	6.96 kB	lpinca
npm/queue-microtask@1.2.3	None	0	8.37 kB	feross
npm/range-parser@1.2.1	None	0	8.46 kB	dougwilson
npm/repeat-string@1.6.1	None	0	9.09 kB	jonschlinkert
npm/requires-port@1.0.0	None	0	8.56 kB	3rdeden
npm/semver@7.5.2	None	0	92.6 kB	npm-cli-ops
npm/sisteransi@1.0.5	None	0	6.79 kB	terkelg
npm/spdx-exceptions@2.5.0	None	0	3.47 kB	kemitchell
npm/spdx-license-ids@3.0.17	None	0	12.6 kB	kemitchell
npm/string-argv@0.3.1	None	0	6.12 kB	cellule
npm/strnum@1.0.5	None	0	17.7 kB	amitgupta
npm/supports-preserve-symlinks-flag@1.0.0	None	0	9.18 kB	ljharb
npm/symbol-tree@3.2.4	None	0	57.1 kB	joris-van-der-wel
npm/tapable@2.2.1	None	0	46.9 kB	sokra
npm/throat@6.0.2	None	0	9.14 kB	throat-bot
npm/tmpl@1.0.5	None	0	2.77 kB	daaku
npm/to-fast-properties@2.0.0	None	0	3.5 kB	sindresorhus
npm/tr46@0.0.3	None	0	268 kB	sebmaster
npm/unpipe@1.0.0	None	0	4.31 kB	dougwilson
npm/utils-merge@1.0.1	None	0	3.72 kB	jaredhanson
npm/v8-compile-cache-lib@3.0.1	environment, filesystem, unsafe	0	18.2 kB	cspotcode
npm/vary@1.1.2	None	0	8.75 kB	dougwilson
npm/webidl-conversions@3.0.1	None	0	12.4 kB	sebmaster
npm/whatwg-mimetype@2.3.0	None	0	16.2 kB	domenic
npm/word-wrap@1.2.3	None	0	10.6 kB	jonschlinkert
npm/ws@7.5.9	network	0	122 kB	lpinca
npm/xml-name-validator@3.0.0	None	0	23 kB	domenic
npm/xmlchars@2.2.0	None	0	59 kB	lddubeau
npm/yn@3.1.1	None	0	6.31 kB	sindresorhus
npm/yocto-queue@0.1.0	None	0	6.03 kB	sindresorhus

🚮 Removed packages: npm/@nrwl/cli@15.9.7, npm/@nrwl/nx-darwin-arm64@15.9.7, npm/@nrwl/nx-darwin-x64@15.9.7, npm/@nrwl/nx-linux-arm-gnueabihf@15.9.7, npm/@nrwl/nx-linux-arm64-gnu@15.9.7, npm/@nrwl/nx-linux-arm64-musl@15.9.7, npm/@nrwl/nx-linux-x64-gnu@15.9.7, npm/@nrwl/nx-linux-x64-musl@15.9.7, npm/@nrwl/nx-win32-arm64-msvc@15.9.7, npm/@nrwl/nx-win32-x64-msvc@15.9.7, npm/@nrwl/tao@15.9.7, npm/@parcel/watcher@2.0.4, npm/@tootallnate/once@2.0.0, npm/@types/minimatch@3.0.5, npm/@types/normalize-package-data@2.4.4, npm/@yarnpkg/lockfile@1.1.0, npm/@yarnpkg/parsers@3.0.0-rc.46, npm/@zkochan/js-yaml@0.0.6, npm/abbrev@1.1.1, npm/agent-base@6.0.2, npm/agentkeepalive@4.5.0, npm/ansi-regex@4.1.1, npm/any-shell-escape@0.1.1, npm/are-we-there-yet@3.0.1, npm/array-differ@3.0.0, npm/array-find-index@1.0.2, npm/arrify@1.0.1, npm/axios@1.6.8, npm/braces@3.0.2, npm/builtins@1.0.3, npm/cli-spinners@2.6.1, npm/cliui@5.0.0, npm/commander@2.6.0, npm/common-tags@1.8.2, npm/concurrently@3.6.1, npm/console-control-strings@1.1.0, npm/cp-file@3.2.0, npm/cpy-cli@1.0.1, npm/cpy@4.0.1, npm/cross-env@3.2.4, npm/currently-unhandled@0.4.1, npm/date-fns@1.30.1, npm/delegates@1.0.0, npm/emoji-regex@7.0.3, npm/encoding@0.1.13, npm/enquirer@2.3.6, npm/env-paths@2.2.1, npm/error-ex@1.3.2, npm/exponential-backoff@3.1.1, npm/fill-range@7.0.1, npm/gauge@4.0.4, npm/http-cache-semantics@4.1.1, npm/http-proxy-agent@5.0.0, npm/https-proxy-agent@5.0.1, npm/humanize-ms@1.2.1, npm/ignore-walk@5.0.1, npm/indent-string@2.1.0, npm/is-fullwidth-code-point@2.0.0, npm/is-lambda@1.0.1, npm/is-plain-obj@1.1.0, npm/is-utf8@0.2.1, npm/jsonc-parser@3.2.0, npm/lines-and-columns@2.0.4, npm/loud-rejection@1.6.0, npm/make-fetch-happen@10.2.1, npm/manage-path@2.0.0, npm/map-obj@4.3.0, npm/minipass-fetch@2.1.2, npm/minipass-json-stream@1.0.1, npm/minipass-sized@1.0.3, npm/minizlib@2.1.2, npm/negotiator@0.6.3, npm/nested-error-stacks@1.0.2, npm/open@8.4.2, npm/opn-cli@3.1.0, npm/p-limit@2.3.0, npm/pinkie-promise@2.0.1, npm/prefix-matches@1.0.1, npm/promise-retry@2.0.1, npm/pseudomap@1.0.2, npm/quick-lru@4.0.1, npm/readline-sync@1.4.10, npm/repeating@2.0.1, npm/resolve@1.22.8, npm/rx@2.3.24, npm/semver@7.3.5, npm/socks-proxy-agent@7.0.0, npm/spawn-command-with-kill@1.0.2, npm/spawn-command@0.0.2, npm/strip-indent@1.0.1, npm/tar-stream@2.2.0, npm/to-regex-range@5.0.1, npm/trim-newlines@3.0.1, npm/tsconfig-paths@4.2.0, npm/whatwg-url@5.0.0, npm/wide-align@1.1.5

View full report↗︎

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[sonarcloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud