From 52238cbccc20b2e0028bc7e5394df0002099f4ee Mon Sep 17 00:00:00 2001
From: Ryan Ling <ryan@outlook.com.au>
Date: Wed, 30 Dec 2020 07:15:11 +1100
Subject: [PATCH] fix(deps): Require find-versions ^4.0.0 (#1722)

This new version includes a fix for a ReDoS vulnerability in
`semver-regex` that is flagged by some source composition analysis tools
like Snyk:

https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770

It's a major version because it drops support for Node.js 6.x. This
doesn't affect us since we already require Node.js >=10.18.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index fdbf3b90f0..1c65a3f394 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
     "env-ci": "^5.0.0",
     "execa": "^4.0.0",
     "figures": "^3.0.0",
-    "find-versions": "^3.0.0",
+    "find-versions": "^4.0.0",
     "get-stream": "^5.0.0",
     "git-log-parser": "^1.2.0",
     "hook-std": "^2.0.0",