[Snyk] Upgrade semver from 6.1.1 to 7.3.7

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade semver from 6.1.1 to 7.3.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 21 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2022-04-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-NPM-537606	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-BINLINKS-537610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Unauthorized File Access SNYK-JS-NPM-537604	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Unauthorized File Access SNYK-JS-BINLINKS-537609	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: semver

• 7.3.7 - 2022-04-12
  

  7.3.7 (2022-04-11)

  Bug Fixes

  • allow node >=10 (85b269a)
  • bin: get correct value from arg separated by equals (#449) (4ceca76), closes #431
  • ensure SemVer instance passed to inc are not modified (#427) (f070dde)
  • inc prerelease with numeric preid (#380) (802e161)

  Dependencies

  • revert to lru-cache@6 (22ae54d)
• 7.3.6 - 2022-04-06
  

  7.3.6 (2022-04-05)

  Bug Fixes

  • #329 (cb1ca1d)
  • properly escape dots in GTE0 regexes (#432) (11494f1)
  • replace deprecated String.prototype.substr() (#445) (e2d55e7)
  • replace regex used to split ranges (#434) (9ab7b71)

  Documentation

  • clarify * range behavior (cb1ca1d)

  Dependencies

  • [email protected] (#442) (9a3064c)
  • [email protected] (#439) (60cbb3f)
• 7.3.5 - 2021-03-23
  

  7.3.5

• 7.3.4 - 2020-12-01
  

  7.3.4

• 7.3.3 - 2020-12-01
  

  7.3.3

• 7.3.2 - 2020-04-14
  

  7.3.2

• 7.3.1 - 2020-04-14
  

  7.3.1

• 7.3.0 - 2020-04-14
  

  7.3.0

• 7.2.3 - 2020-04-13
  

  7.2.3

• 7.2.2 - 2020-04-10
  

  7.2.2

• 7.2.1 - 2020-04-06
• 7.2.0 - 2020-04-06
• 7.1.3 - 2020-02-11
• 7.1.2 - 2020-01-31
• 7.1.1 - 2019-12-17
• 7.1.0 - 2019-12-17
• 7.0.0 - 2019-12-14
• 6.3.0 - 2019-07-23
• 6.2.0 - 2019-07-01
• 6.1.3 - 2019-07-01
• 6.1.2 - 2019-06-24
• 6.1.1 - 2019-05-28

from semver GitHub release notes

Commit messages

Package name: semver

• 7a2d69c chore(main): release 7.3.7 (#451)
• f070dde fix: ensure SemVer instance passed to inc are not modified (#427)
• 4571a1a chore(test): add test for max safe integers in ranges (#450)
• 802e161 fix: inc prerelease with numeric preid (#380)
• 4ceca76 fix(bin): get correct value from arg separated by equals (#449)
• e7c3973 chore: postinstall for dependabot template-oss PR
• a683bf9 chore: bump @ npmcli/template-oss from 3.2.2 to 3.3.2
• 85b269a fix: allow node >=10
• 22ae54d deps: revert to lru-cache@6
• 1ea0fe2 chore(main): release 7.3.6 (#443)
• e2d55e7 fix: replace deprecated String.prototype.substr() (#445)
• c837758 chore: bump @ npmcli/template-oss from 3.2.0 to 3.2.2 (#444)
• 4907647 chore: use `@ npmcli/template-oss` (#433)
• 9a3064c deps: [email protected] (#442)
• 60cbb3f deps: [email protected] (#439)
• 11494f1 fix: properly escape dots in `GTE0` regexes (#432)
• 9ab7b71 fix: replace regex used to split ranges (#434)
• cb1ca1d docs: clarify * range behavior
• f1e4e29 chore: update settings.yml (#402)
• e79ac3a 7.3.5
• 0ce87d6 Correctly handle prereleases/ANY ranges in subset
• 15ed208 fix(subset): check any as superset
• 093b40f 7.3.4
• 93ff028 use modern lru-cache, not legacy

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs