fix(deps): update dependency semver-regex to v4 (!95) · Merge requests · Sheogorath / Markdown Spellcheck · GitLab

This is an archived project. Repository and other project resources are read-only.

Botaniker (Bot) requested to merge renovate/semver-regex-4.x into deploy May 04, 2022

This MR contains the following updates:

Package	Type	Update	Change
semver-regex	dependencies	major	`3.1.2` -> `4.0.5`

Release Notes

sindresorhus/semver-regex

`v4.0.5`

Improve regex b4ff333

Tip: If you use it in a server context, it's a good idea to give the regex a timeout.

`v4.0.4`

Fix some false positive matches (#23) e93d9c8

Tip: If you use it in a server context, it's a good idea to give the regex a timeout.

`v4.0.3`

Fix ReDoS vulnerability d8ba39a
- This only affects you if you run the regex on untrusted user input in a server context.
- Also back-ported to v3 in 3.1.4.
- CVE pending

`v4.0.2`

No changes. Just fixing a npm dist tag.

`v4.0.1`

Fix ReDoS vulnerability 11c6624
- This only affects you if you run the regex on untrusted user input in a server context.
- Also back-ported to v3 in 3.1.3.
- CVE-2021-3795

`v4.0.0`

Breaking

Require Node.js 12 7b785e3
This package is now pure ESM. Please read this.

`v3.1.4`

Backport of ReDoS fix https://github.com/sindresorhus/semver-regex/commit/7712ba564d40da101cf2b2b33e6a910d9f2f57f4

`v3.1.3`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited Oct 31, 2022 by Botaniker (Bot)