New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: commitlint/cli semver version not fixed yet #3669
Labels
Comments
Shouldn't it be unblocked by now ? conventional-changelog/conventional-changelog/pull/1071 |
Afaik we're waiting for this: conventional-changelog/conventional-changelog#1019 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
No modaterate severity vulnerabilities after npm ci command
Current Behavior
Update Semver
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ semver vulnerable to Regular Expression Denial of Service │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ semver │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <7.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=7.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤├─┬ @commitlint/[email protected]
│ ├─┬ @commitlint/[email protected]
│ │ └─┬ @commitlint/[email protected]
│ │ └── [email protected] deduped
│ └─┬ @commitlint/[email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected] deduped
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected]
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ GHSA-c2qf-rxjj-qqgw │
└─────────────────────┴────────────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 moderate
Bug was reported once on Jun 24: #3619
But the newest release 17.7.1 (August) of cli didn't fix this problem.
Affected packages
Possible Solution
N/A
Steps to Reproduce
Context
No response
commitlint --version
commitlint/[email protected]
git --version
2.42.0.windows.1
node --version
v18.17.1
The text was updated successfully, but these errors were encountered: