Vulnerabilities with semver and ssri dependencies

## Vulnerabilities in Dependencies in Yarn 1.22.19

### Description
Yarn version 1.22.19 has security vulnerabilities in its dependencies, specifically `semver` and `ssri`. The affected and patched versions are as follows:

**1. semver**
- **Affected versions**:
  - `>= 7.0.0, < 7.5.2`
  - `>= 6.0.0, < 6.3.1`
  - `< 5.7.2`
- **Patched versions**:
  - `7.5.2`
  - `6.3.1`
  - `5.7.2`

**2. ssri**
- **Affected versions**:
  - `>= 5.2.2, < 6.0.2`
  - `>= 7.0.0, < 7.1.1`
  - `= 8.0.0`
- **Patched versions**:
  - `6.0.2`
  - `7.1.1`
  - `8.0.1`

### GitHub Advisory Links
- **semver**: [GHSA-c2qf-rxjj-qqgw](https://github.com/advisories/GHSA-c2qf-rxjj-qqgw)
- **ssri**: [GHSA-vx3p-948g-6vhq](https://github.com/advisories/GHSA-vx3p-948g-6vhq)

### Request
Could these dependencies be updated to the patched versions in Yarn 1.22.19 ? Thank you.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerabilities with semver and ssri dependencies #9112

ayoubhessoune
openedon Nov 1, 2024

Vulnerabilities in Dependencies in Yarn 1.22.19

Description

GitHub Advisory Links

Request

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerabilities with semver and ssri dependencies #9112

Description

ayoubhessouneopenedon Nov 1, 2024

Vulnerabilities in Dependencies in Yarn 1.22.19

Description

GitHub Advisory Links

Request

Activity

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

ayoubhessoune
openedon Nov 1, 2024