chore: locks semver 5.7.x to 5.7.2, 6.3.x to 6.3.1 and 7.5.x to 7.5.4 - MONGOSH-1494 #1509
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses a reported Snyk security vulnerability (SNYK-JS-SEMVER-3247795) introduced by semver < 7.5.2
semver backported the fix applied in 7.5.2 for the above mentioned vulnerability also to v5.x (in 5.7.2) and to v6.x (in 6.3.1). Since these versions were released <30 hours ago, the snyk advisory hasn't catch up to the updated info which is why we are disabling this particular vulnerability in our snyk policy for a month.