Description
Expected Behavior
No moderate severity vulnerabilities after npm ci command
Current Behavior
Update Semver
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ semver vulnerable to Regular Expression Denial of Service │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ semver │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <7.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=7.5.2 │
├─────────────────────┼────────────────────────────────────────────────────────┤
├─┬ @commitlint/cli@17.7.1
│ ├─┬ @commitlint/lint@17.7.0
│ │ └─┬ @commitlint/is-ignored@17.7.0
│ │   └── semver@7.5.4 deduped
│ └─┬ @commitlint/read@17.5.1
│   └─┬ git-raw-commits@2.0.11
│     └─┬ meow@8.1.2
│       ├─┬ normalize-package-data@3.0.3
│       │ └── semver@7.5.4 deduped
│       └─┬ read-pkg-up@7.0.1
│         └─┬ read-pkg@5.2.0
│           └─┬ normalize-package-data@2.5.0
│             └── semver@5.7.1
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ GHSA-c2qf-rxjj-qqgw │
└─────────────────────┴────────────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 moderate
Bug was reported once on Jun 24: #3619
But the newest release 17.7.1 (August) of cli didn't fix this problem.
Affected packages
- cli
- core
- prompt
- config-angular
Possible Solution
N/A
Steps to Reproduce
N/A
Context
No response
commitlint --version
commitlint/cli@17.7.1
git --version
2.42.0.windows.1
node --version
v18.17.1