We are using API extractor, which has a dependency on the semver package: "semver": "~7.3.0". Recently there was a vulnerability reported for older versions of the semver package https://nvd.nist.gov/vuln/detail/CVE-2022-25883.
Can the semver package dependencies be updated in API extractor and, better yet, can we start leveraging ^ semver ranges for this dependency going forward to remove the friction on downstream repos for addressing these vulnerabilities?
Summary
Repro steps
Expected result:
Actual result:
Details
Standard questions
Please answer these questions to help us investigate your issue more quickly:
Question
Answer
@microsoft/api-extractor version?
Operating system?
API Extractor scenario?
Would you consider contributing a PR?
TypeScript compiler version?
Node.js version (node -v)?
nipunn1313 added a commit to nipunn1313/rushstack that referenced this issue Jul 18, 2023