CVE-2022-25883 via `semver@5.7.1`

`patch-package` [depends on](https://github.com/ds300/patch-package/blob/0b9b0150a2348bf53087198fcad84e862a35eebb/package.json#L82) `semver@^5.6.0`, which is vulnerable to [CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883). This can be fixed by upgrading to `semver@7.5.3` or later.