[Snyk] Upgrade semver from 7.1.3 to 7.3.7 by MarcelRaschke · Pull Request #10 · MarcelRaschke/setup-python
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade semver from 7.1.3 to 7.3.7.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 12 versions ahead of your current version.
- The recommended version was released 4 months ago, on 2022-04-12.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Improper Input Validation SNYK-JS-ACTIONSCORE-2980270 | 536/1000 Why? Recently disclosed, Has a fix available, CVSS 5 | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: semver
- 7.3.7 - 2022-04-12
7.3.7 (2022-04-11)
Bug Fixes
- allow node >=10 (85b269a)
- bin: get correct value from arg separated by equals (#449) (4ceca76), closes #431
- ensure SemVer instance passed to inc are not modified (#427) (f070dde)
- inc prerelease with numeric preid (#380) (802e161)
Dependencies
- revert to lru-cache@6 (22ae54d)
- 7.3.6 - 2022-04-06
7.3.6 (2022-04-05)
Bug Fixes
- #329 (cb1ca1d)
- properly escape dots in `GTE0` regexes (#432) (11494f1)
- replace deprecated String.prototype.substr() (#445) (e2d55e7)
- replace regex used to split ranges (#434) (9ab7b71)
Documentation
- clarify * range behavior (cb1ca1d)
Dependencies
- 7.3.5 - 2021-03-23
- 7.3.4 - 2020-12-01
- 7.3.3 - 2020-12-01
- 7.3.2 - 2020-04-14
- 7.3.1 - 2020-04-14
- 7.3.0 - 2020-04-14
- 7.2.3 - 2020-04-13
- 7.2.2 - 2020-04-10
- 7.2.1 - 2020-04-06
- 7.2.0 - 2020-04-06
- 7.1.3 - 2020-02-11
Commit messages
Package name: semver
- 7a2d69c chore(main): release 7.3.7 (Fx pipenv python version actions/setup-python#451)
- f070dde fix: ensure SemVer instance passed to inc are not modified (Pass the `token` input through on GHES actions/setup-python#427)
- 4571a1a chore(test): add test for max safe integers in ranges (Rearranged logic of the ResolveVersionInput() actions/setup-python#450)
- 802e161 fix: inc prerelease with numeric preid (Request: no-hash option actions/setup-python#380)
- 4ceca76 fix(bin): get correct value from arg separated by equals (having versions-manifest.json MANIFEST_REPO_BRANCH configurable actions/setup-python#449)
- e7c3973 chore: postinstall for dependabot template-oss PR
- a683bf9 chore: bump @npmcli/template-oss from 3.2.2 to 3.3.2
- 85b269a fix: allow node >=10
- 22ae54d deps: revert to lru-cache@6
- 1ea0fe2 chore(main): release 7.3.6 (Only use github.token on github.com actions/setup-python#443)
- e2d55e7 fix: replace deprecated String.prototype.substr() (Fix poetry version actions/setup-python#445)
- c837758 chore: bump @npmcli/template-oss from 3.2.0 to 3.2.2 (Fixing pipenv CI actions/setup-python#444)
- 4907647 chore: use `@npmcli/template-oss` (Under v4, not specifying a python-version results in a failure to run actions/setup-python#433)
- 9a3064c deps: lru-cache@7.4.0 (SIGSEGV when Python tests use the `ctypes` module actions/setup-python#442)
- 60cbb3f deps: tap@16.0.0 (`_struct.cpython-310-darwin.so` is not a fat binary actions/setup-python#439)
- 11494f1 fix: properly escape dots in `GTE0` regexes (Dependencies cache key has to be specific to OS version actions/setup-python#432)
- 9ab7b71 fix: replace regex used to split ranges (add restore cache error handling actions/setup-python#434)
- cb1ca1d docs: clarify * range behavior
- f1e4e29 chore: update settings.yml (Python 3.7.13 macOS: tk.h version (8.6) doesn't match libtk.a version (8.5) actions/setup-python#402)
- e79ac3a 7.3.5
- 0ce87d6 Correctly handle prereleases/ANY ranges in subset
- 15ed208 fix(subset): check any as superset
- 093b40f 7.3.4
- 93ff028 use modern lru-cache, not legacy
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.