fix(core): Upgrade semver to address CVE-2022-25883 (#6689)

* fix(core): Upgrade semver to address CVE-2022-25883 [GH Advisory](GHSA-c2qf-rxjj-qqgw) * enforce the patched version of semver everywhere in the dev setup
n8n-io · Jul 18, 2023 · 47bc673 · 47bc673
1 parent a8a406e
commit 47bc673
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 88 deletions.
diff --git a/.github/scripts/package.json b/.github/scripts/package.json
@@ -3,7 +3,7 @@
     "add-stream": "^1.0.0",
     "conventional-changelog": "^4.0.0",
     "glob": "^10.3.0",
-    "semver": "^7.5.2",
+    "semver": "^7.5.4",
     "tempfile": "^5.0.0",
     "typescript": "*"
   }

diff --git a/package.json b/package.json
@@ -84,6 +84,7 @@
       "http-cache-semantics": "4.1.1",
       "jsonwebtoken": "9.0.0",
       "prettier": "^2.8.3",
+      "semver": "^7.5.4",
       "tough-cookie": "^4.1.3",
       "tslib": "^2.5.0",
       "ts-node": "^10.9.1",

diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -169,7 +169,7 @@
     "reflect-metadata": "^0.1.13",
     "replacestream": "^4.0.3",
     "samlify": "^2.8.9",
-    "semver": "^7.3.8",
+    "semver": "^7.5.4",
     "shelljs": "^0.8.5",
     "simple-git": "^3.17.0",
     "source-map-support": "^0.5.21",

diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json
@@ -836,7 +836,7 @@
     "request": "^2.88.2",
     "rhea": "^1.0.11",
     "rss-parser": "^3.7.0",
-    "semver": "^7.3.8",
+    "semver": "^7.5.4",
     "showdown": "^2.0.3",
     "simple-git": "^3.17.0",
     "snowflake-sdk": "^1.6.23",