[Snyk] Upgrade semver from 5.4.1 to 7.7.2 by SherfeyInv · Pull Request #11 · Aysher-Intelligence-Agency/jsbin

SherfeyInv · 2025-08-25T15:18:57Z

Snyk has created this PR to upgrade semver from 5.4.1 to 7.7.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 45 versions ahead of your current version.
The recommended version was released 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	750	Proof of Concept

Release notes

Package name: semver

7.7.2 - 2025-05-12
7.7.2 (2025-05-12)

Bug Fixes
- fcafb61 #780 add missing 'use strict' directives (#780) (@ Fdawgs)
- c99f336 #781 prerelease identifier starting with digits (#781) (@ mbtools)
Chores
- c760403 #784 template-oss-apply for workflow permissions (#784) (@ wraithgar)
- 2677f2a #778 bump @ npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@ dependabot[bot], @ npm-cli-bot)
7.7.1 - 2025-02-03
7.7.1 (2025-02-03)

Bug Fixes
- af761c0 #764 inc: fully capture prerelease identifier (#764) (@ wraithgar)
7.7.0 - 2025-01-29
7.7.0 (2025-01-29)

Features
- 0864b3c #753 add "release" inc type (#753) (@ mbtools)
Bug Fixes
- d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@ eminberkayd, berkay.daglar)
- 8a34bde #754 add identifier validation to inc() (#754) (@ mbtools)
Documentation
- 67e5478 #756 readme: added missing period for consistency (#756) (@ shaymolcho)
- 868d4bb #749 clarify comment about obsolete prefixes (#749) (@ mbtools, @ ljharb)
Chores
- 145c554 #741 bump @ npmcli/eslint-config from 4.0.5 to 5.0.0 (@ dependabot[bot])
- 753e02b #747 bump @ npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@ dependabot[bot], @ npm-cli-bot)
- 0b812d5 #744 postinstall for dependabot template-oss PR (@ hashtagchris)
7.6.3 - 2024-07-16
7.6.3 (2024-07-16)

Bug Fixes
- 73a3d79 #726 optimize Range parsing and formatting (#726) (@ jviide)
Documentation
- 2975ece #719 fix extra backtick typo (#719) (@ stdavis)
7.6.2 - 2024-05-09
7.6.2 (2024-05-09)

Bug Fixes
- 6466ba9 #713 lru: use map.delete() directly (#713) (@ negezor, @ lukekarrys)
7.6.1 - 2024-05-07
7.6.1 (2024-05-04)

Bug Fixes
- c570a34 #704 linting: no-unused-vars (@ wraithgar)
- ad8ff11 #704 use internal cache implementation (@ mbtools)
- ac9b357 #682 typo in compareBuild debug message (#682) (@ mbtools)
Dependencies
- 988a8de #709 uninstall lru-cache (#709)
- 3fabe4d #704 remove lru-cache
Chores
- dd09b60 #705 bump @ npmcli/template-oss to 4.22.0 (@ lukekarrys)
- ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@ lukekarrys)
- b236c3d #696 add benchmarks (#696) (@ H4ad)
- 692451b #688 various improvements to README (#688) (@ mbtools)
- 5feeb7f #705 postinstall for dependabot template-oss PR (@ lukekarrys)
- 074156f #701 bump @ npmcli/template-oss from 4.21.3 to 4.21.4 (@ dependabot[bot])
7.6.0 - 2024-02-05
7.6.0 (2024-01-31)

Features
- a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@ madtisa, madtisa, @ wraithgar)
Chores
- 816c7b2 #667 postinstall for dependabot template-oss PR (@ lukekarrys)
- 0bd24d9 #667 bump @ npmcli/template-oss from 4.21.1 to 4.21.3 (@ dependabot[bot])
- e521932 #652 postinstall for dependabot template-oss PR (@ lukekarrys)
- 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@ lukekarrys)
- f317dc8 #652 bump @ npmcli/template-oss from 4.19.0 to 4.21.0 (@ dependabot[bot])
- 7303db1 #658 add clean() test for build metadata (#658) (@ jethrodaniel)
- 6240d75 #656 add missing quotes in README.md (#656) (@ zyxkad)
- 14d263f #625 postinstall for dependabot template-oss PR (@ lukekarrys)
- 7c34e1a #625 bump @ npmcli/template-oss from 4.18.1 to 4.19.0 (@ dependabot[bot])
- 123e0b0 #622 postinstall for dependabot template-oss PR (@ lukekarrys)
- 737d5e1 #622 bump @ npmcli/template-oss from 4.18.0 to 4.18.1 (@ dependabot[bot])
- cce6180 #598 postinstall for dependabot template-oss PR (@ lukekarrys)
- b914a3d #598 bump @ npmcli/template-oss from 4.17.0 to 4.18.0 (@ dependabot[bot])
7.5.4 - 2023-07-07
7.5.4 (2023-07-07)

Bug Fixes
- cc6fde2 #588 trim each range set before parsing (@ lukekarrys)
- 99d8287 #583 correctly parse long build ids as valid (#583) (@ lukekarrys)
7.5.3 - 2023-06-22
7.5.2 - 2023-06-15
7.5.1 - 2023-05-12
7.5.0 - 2023-04-17
7.4.0 - 2023-04-10
7.3.8 - 2022-10-04
7.3.7 - 2022-04-12
7.3.6 - 2022-04-06
7.3.5 - 2021-03-23
7.3.4 - 2020-12-01
7.3.3 - 2020-12-01
7.3.2 - 2020-04-14
7.3.1 - 2020-04-14
7.3.0 - 2020-04-14
7.2.3 - 2020-04-13
7.2.2 - 2020-04-10
7.2.1 - 2020-04-06
7.2.0 - 2020-04-06
7.1.3 - 2020-02-11
7.1.2 - 2020-01-31
7.1.1 - 2019-12-17
7.1.0 - 2019-12-17
7.0.0 - 2019-12-14
6.3.1 - 2023-07-10
6.3.1 (2023-07-10)

Bug Fixes
- 928e56d #591 better handling of whitespace (#591) (@ lukekarrys, @ joaomoreno, @ nicolo-ribaudo)
6.3.0 - 2019-07-23
6.2.0 - 2019-07-01
6.1.3 - 2019-07-01
6.1.2 - 2019-06-24
6.1.1 - 2019-05-28
6.1.0 - 2019-05-22
6.0.0 - 2019-03-26
5.7.2 - 2023-07-10
5.7.2 (2023-07-10)

Bug Fixes
- 2f8fd41 #585 better handling of whitespace (#585) (@ joaomoreno, @ lukekarrys)
5.7.1 - 2019-08-12
5.7.0 - 2019-03-26
5.6.0 - 2018-10-10
5.5.1 - 2018-08-17
5.5.0 - 2018-01-16
5.4.1 - 2017-07-24

from semver GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade semver from 5.4.1 to 7.7.2. See this package in npm: semver See this project in Snyk: https://app.snyk.io/org/sherfeyinv/project/02b601a1-d89d-441e-8049-1c9f3af1e1a7?utm_source=github&utm_medium=referral&page=upgrade-pr

socket-security · 2025-08-25T15:19:23Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
uid2@0.0.4
passport-strategy@1.0.0
passport-github@0.1.5 ⏵ 1.1.0	⁺¹		⁺¹⁰
passport-oauth2@1.8.0
base64url@3.0.1
semver@5.4.1 ⏵ 7.7.2		⁺¹⁶	⁺¹	⁺¹

View full report

Conversation

SherfeyInv commented Aug 25, 2025

Snyk has created this PR to upgrade semver from 5.4.1 to 7.7.2.

Issues fixed by the recommended upgrade:

7.7.2 (2025-05-12)

Bug Fixes

Chores

7.7.1 (2025-02-03)

Bug Fixes

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

7.5.4 (2023-07-07)

Bug Fixes

6.3.1 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

Uh oh!

socket-security bot commented Aug 25, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants