semver vulnerable to Regular Expression Denial of Service

The `semver` package has a security vulnerability. They only fixed v7, but the babel team has backported the fix to semver v6, can we use that? https://github.com/babel/babel/pull/15742

<details>
    <summary>npm audit output</summary>

```
# npm audit report

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
node_modules/eslint-plugin-jsx-a11y/node_modules/semver
  eslint-plugin-jsx-a11y  >=6.6.0
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-jsx-a11y
```
</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

semver vulnerable to Regular Expression Denial of Service #943

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

semver vulnerable to Regular Expression Denial of Service #943

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions