simon/semantic-release
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(deps): Require find-versions ^4.0.0 (#1722)

Browse Source 
This new version includes a fix for a ReDoS vulnerability in
`semver-regex` that is flagged by some source composition analysis tools
like Snyk:

https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770

It's a major version because it drops support for Node.js 6.x. This
doesn't affect us since we already require Node.js >=10.18.
This commit is contained in:
Ryan Ling 2020-12-30 07:15:11 +11:00 committed by GitHub
parent af596a9443
commit 52238cbccc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -31,7 +31,7 @@
"env-ci": "^5.0.0",
"execa": "^4.0.0",
"figures": "^3.0.0",
"find-versions": "^3.0.0",
"find-versions": "^4.0.0",
"get-stream": "^5.0.0",
"git-log-parser": "^1.2.0",
"hook-std": "^2.0.0",