[Snyk] Security upgrade semver from 7.3.2 to 7.5.2

[EMWickd]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package.json
  • workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: semver

The new version differs by 96 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease ([BUG] cb() never called! when run npm ci command npm/cli#566)
• 5c8efbc fix: preserve build in raw after inc (Fixed "publish --force" not correctly publishing for already published packages npm/cli#565)
• 717534e fix: better handling of whitespace ([FEATURE] Do not remove node_modules on npm ci npm/cli#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 ([BUG] npm ci installs an optional dependency which targets a different os than the host os npm/cli#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error ([BUG] npm publish uses different registry then npm unpublish npm/cli#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 ([BUG] npm install -g npm may break npm installation npm/cli#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (npm [QUESTION] <title> npm/cli#552)
• 503a4e5 feat: allow identifierBase to be false (Videogular2: mute functionality is not working in iphone, ipad - angular8 npm/cli#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (makefile: fix docs target typo npm/cli#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare ([BUG] error cb() never called! npm/cli#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD ([BUG] Couldn't find any versions for "core-js" that matches "3.4.7" npm/cli#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 ([QUESTION] --ignore-scripts for security only? npm/cli#538)
• aa516b5 fix: faster parse options ([BUG] npm link ../doesnt-exist gives EINVALIDTYPE npm/cli#535)
• 61e6ea1 fix: faster cache key factory for range (Improve shrinkwrap security by default by using always SHA512 hashes npm/cli#536)
• f8b8b61 fix: optimistic parse ([BUG] "npm run" appears not to work npm/cli#541)
• 796cbe2 fix: semver.diff prerelease to release recognition ([FEATURE] Allow for npm linking to local prefix npm/cli#533)
• 3f222b1 fix: reuse comparators on subset (#537)
• 113f513 feat: identifierBase parameter for .inc (npm-link: clarify usage of global prefix npm/cli#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)