fix: commitlint/cli semver version not fixed yet #3669
Labels
Comments
|
Shouldn't it be unblocked by now ? conventional-changelog/conventional-changelog/pull/1071 |
Afaik we're waiting for this: conventional-changelog/conventional-changelog#1019 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
No modaterate severity vulnerabilities after npm ci command
Current Behavior
Update Semver
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ semver vulnerable to Regular Expression Denial of Service │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ semver │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <7.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=7.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤├─┬ @commitlint/cli@17.7.1
│ ├─┬ @commitlint/lint@17.7.0
│ │ └─┬ @commitlint/is-ignored@17.7.0
│ │ └── semver@7.5.4 deduped
│ └─┬ @commitlint/read@17.5.1
│ └─┬ git-raw-commits@2.0.11
│ └─┬ meow@8.1.2
│ ├─┬ normalize-package-data@3.0.3
│ │ └── semver@7.5.4 deduped
│ └─┬ read-pkg-up@7.0.1
│ └─┬ read-pkg@5.2.0
│ └─┬ normalize-package-data@2.5.0
│ └── semver@5.7.1
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ GHSA-c2qf-rxjj-qqgw │
└─────────────────────┴────────────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 moderate
Bug was reported once on Jun 24: #3619
But the newest release 17.7.1 (August) of cli didn't fix this problem.
Affected packages
Possible Solution
N/A
Steps to Reproduce
Context
No response
commitlint --version
commitlint/cli@17.7.1
git --version
2.42.0.windows.1
node --version
v18.17.1
The text was updated successfully, but these errors were encountered: