chore: locks semver 5.7.x to 5.7.2, 6.3.x to 6.3.1 and 7.5.x to 7.5.4 - COMPASS-6966, COMPASS-6967, COMPASS-6969 (#4634)

himanshusinghs · web-flow · commit 247cba5e738b · 2023-07-12T14:45:33.000+02:00
diff --git a/.snyk b/.snyk
@@ -1,6 +1,12 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.12.0
-ignore: {}
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JS-SEMVER-3247795:
+    - '*':
+        reason: "Security patches released for semver 5.x (5.7.2) and 6.x (6.3.1) are not yet known to Snyk which is why we would like to ignore this vulnerability until the mentioned expiry."
+        expires: 2023-08-11T09:00:55.553Z
+        created: 2023-07-12T09:00:55.557Z
 # patches apply the minimum changes required to fix a vulnerability
 patch:
   'npm:ms:20170412':
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/app-migrations/package.json b/packages/app-migrations/package.json
@@ -26,7 +26,7 @@
     "async": "^3.2.2",
     "debug": "^4.2.0",
     "lodash": "^4.17.21",
-    "semver": "^7.1.1"
+    "semver": "^7.5.4"
   },
   "devDependencies": {
     "depcheck": "^1.4.1",
diff --git a/packages/compass-crud/package.json b/packages/compass-crud/package.json
@@ -104,7 +104,7 @@
     "react-dom": "^17.0.2",
     "reflux": "^0.4.1",
     "reflux-state-mixin": "github:mongodb-js/reflux-state-mixin",
-    "semver": "^7.5.2",
+    "semver": "^7.5.4",
     "sinon": "^8.1.1"
   },
   "dependencies": {
diff --git a/packages/compass-editor/package.json b/packages/compass-editor/package.json
@@ -79,6 +79,6 @@
     "@mongodb-js/mongodb-constants": "^0.6.0",
     "polished": "^4.2.2",
     "prettier": "^2.7.1",
-    "semver": "^7.5.0"
+    "semver": "^7.5.4"
   }
 }
diff --git a/packages/compass/package.json b/packages/compass/package.json
@@ -262,7 +262,7 @@
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
     "reflux": "^0.4.1",
-    "semver": "^7.3.5",
+    "semver": "^7.5.4",
     "sinon": "^8.1.1",
     "source-code-pro": "^2.38.0",
     "storage-mixin": "^5.1.5",
diff --git a/scripts/package.json b/scripts/package.json
@@ -38,8 +38,8 @@
   },
   "dependencies": {
     "@mongodb-js/devtools-docker-test-envs": "^1.2.4",
-    "@mongodb-js/webpack-config-compass": "^1.1.0",
     "@mongodb-js/monorepo-tools": "^1.1.1",
+    "@mongodb-js/webpack-config-compass": "^1.1.0",
     "commander": "^11.0.0",
     "cross-spawn": "^7.0.3",
     "electron": "^23.3.9",
@@ -57,7 +57,7 @@
     "pkg-up": "^3.1.0",
     "prompts": "^2.4.1",
     "rimraf": "^5.0.1",
-    "semver": "^7.3.5",
+    "semver": "^7.5.4",
     "uuid": "^8.3.2",
     "yargs-parser": "^21.1.1"
   }

Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,6 @@`
`79`	`79`	`"@mongodb-js/mongodb-constants": "^0.6.0",`
`80`	`80`	`"polished": "^4.2.2",`
`81`	`81`	`"prettier": "^2.7.1",`
`82`		`- "semver": "^7.5.0"`
	`82`	`+ "semver": "^7.5.4"`
`83`	`83`	`}`
`84`	`84`	`}`