hosted-git-info moderate vulnerability

[tatemz]

Current behavior

npm audit shows moderate issue

https://www.npmjs.com/advisories/1677

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Deinal of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hosted-git-info                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.8                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ semantic-release [dev]                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ semantic-release > @semantic-release/npm > read-pkg >        │
│               │ normalize-package-data > hosted-git-info                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1677                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Expected behavior

Likely not a real security issue (see jestjs/jest#11379 (comment)), but can cause ci pipelines to fail.

Environment

• semantic-release version:
• CI environment:
• Plugins used:
• semantic-release configuration:
• CI logs:

[gr2m]

Thanks! Automated PRs to fix the affected version are being created right now