fix(deps): Require find-versions ^4.0.0 #1722

72636c · 2020-12-29T06:27:22Z

This new version includes a fix for a ReDoS vulnerability in semver-regex that is flagged by some source composition analysis tools like Snyk:

https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770

It's a major version because it drops support for Node.js 6.x. This doesn't affect us since we already require Node.js >=10.18.

https://github.com/sindresorhus/find-versions/releases/tag/v4.0.0

This new version includes a fix for a ReDoS vulnerability in `semver-regex` that is flagged by some source composition analysis tools like Snyk: https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770 It's a major version because it drops support for Node.js 6.x. This doesn't affect us since we already require Node.js >=10.18.

gr2m

Thanks!

semantic-release-bot · 2020-12-29T20:31:36Z

🎉 This PR is included in version 17.3.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

This new version includes a fix for a ReDoS vulnerability in `semver-regex` that is flagged by some source composition analysis tools like Snyk: https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770 It's a major version because it drops support for Node.js 6.x. This doesn't affect us since we already require Node.js >=10.18.

gr2m approved these changes Dec 29, 2020

View reviewed changes

gr2m merged commit 52238cb into semantic-release:master Dec 29, 2020

semantic-release-bot added the released label Dec 29, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): Require find-versions ^4.0.0 #1722

fix(deps): Require find-versions ^4.0.0 #1722

72636c commented Dec 29, 2020

gr2m left a comment

semantic-release-bot commented Dec 29, 2020

fix(deps): Require find-versions ^4.0.0 #1722

fix(deps): Require find-versions ^4.0.0 #1722

Conversation

72636c commented Dec 29, 2020

gr2m left a comment

Choose a reason for hiding this comment

semantic-release-bot commented Dec 29, 2020