Skip to content

semver related CVE and release #821

New issue
New issue
Open
Open
semver related CVE and release#821
@tyriis

Description

@tyriis
tyriis
opened on Jun 28, 2023

I'm submitting a...

  • Bug report
  • Feature request
  • Question

Current behavior

I am using db-migrate in many projects, there is a fixed vulnerability in the semver dependency.
Currently our security checks are failing.
https://cwe.mitre.org/data/definitions/1333.html

Expected behavior

semver should be updated to >= 7.5.2

Minimal reproduction of the problem with instructions

npm audit

What is the motivation / use case for changing the behavior?

We <3 security.

Environment


db-migrate version: 0.11.13

Additional information:
- Node version: v20.3.1
- Platform: Linux

Others:
Thanks for your work.
It would be great to have a release or pre-release of current state :)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions