We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
semver@5.7.1
patch-package depends on semver@^5.6.0, which is vulnerable to CVE-2022-25883. This can be fixed by upgrading to semver@7.5.3 or later.
patch-package
semver@^5.6.0
semver@7.5.3
The text was updated successfully, but these errors were encountered:
#466 would fix this
Sorry, something went wrong.
Noting that #466 does not fix this, since that only bumps the semver version to 7.0.0, and not 7.5.3 or above.
semver
#477 would fix this.
Fixed in patch-package@7.0.1.
patch-package@7.0.1
Successfully merging a pull request may close this issue.
patch-package
depends onsemver@^5.6.0
, which is vulnerable to CVE-2022-25883. This can be fixed by upgrading tosemver@7.5.3
or later.The text was updated successfully, but these errors were encountered: