Security advice semver #590
Description
$ npm audit
# npm audit report
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/@trapezedev/project/node_modules/nodemon
3 moderate severity vulnerabilities
$ npm ls simple-update-notifier
[email protected] /Users/xl/Developer/x/x
└─┬ @capacitor/[email protected]
└─┬ @trapezedev/[email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]