remy / nodemon

Monitor for any changes in your node.js application and automatically restart the server - perfect for development

Home Page: http://nodemon.io/


Issue on a dependency - CVE-2022-25883

Reni88 opened this issue · comments

Hi,

Good day.
Just wanted to inform that we encountered a security issue on one of nodemon's dependencies for its version 2.0.22:

Dependency: semver
Version: 7.0.0

It is raised under this CVE ID: CVE-2022-25883

If this was already discussed and a resolution was already delivered, let us know.
Thank you.

This is strange, because nodemon has been using semver@^7.5.3 for over 6 months (as you can see from this commit back in June: 083b4a6).

Are you sure, or is this just randomly generated output from your command line that happens to be out of date?

This issue has been automatically marked as idle and stale because it hasn't had any recent activity. It will be automatically closed if no further activity occurs. If you think this is wrong, or the problem still persists, just pop a reply in the comments and @remy will (try!) to follow up.
Thank you for contributing <3
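
One way to settle whether a scanner finding like the one in this thread is stale, as an added example that is not part of the original issue or of nodemon's code: list every copy of `semver` that a lockfile actually resolves, show which package nests it, and check each against the `semver@^7.5.3` range the maintainer cites. The lockfile below is constructed and `example-notifier` is a hypothetical package name; the code assumes the npm lockfile v2/v3 `packages` map and plain `x.y.z` versions.

```javascript
// Added example: audit resolved copies of one package in an npm lockfile.

// Parse "x.y.z" into numbers; prerelease/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` falls in the caret range ^floor (same major, >= floor; major >= 1).
function inCaretRange(version, floor) {
  const [a, b] = [parseVersion(version), parseVersion(floor)];
  if (a[0] !== b[0]) return false;
  return a[1] > b[1] || (a[1] === b[1] && a[2] >= b[2]);
}

// One record per installed copy of `name`, with the package that nests it.
function findResolved(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => {
      const parentPath = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
      const parent = parentPath ? parentPath.split("node_modules/").pop() : "(top level)";
      return { path, parent, version: meta.version };
    });
}

// Flag each copy: ok === false means it is outside the expected range.
function audit(lock, name, floor) {
  return findResolved(lock, name).map((e) => ({ ...e, ok: inCaretRange(e.version, floor) }));
}

// Constructed lockfile; in practice: JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.3" },
    "node_modules/example-notifier": { version: "1.0.0" },
    "node_modules/example-notifier/node_modules/semver": { version: "7.0.0" },
  },
};

for (const r of audit(sampleLock, "semver", "7.5.3")) {
  console.log(`${r.ok ? "ok     " : "REVIEW "} semver@${r.version} via ${r.parent} (${r.path})`);
}
```

A nested copy flagged for review points at the parent package that pins the old version, which is where the report should be filed or the override applied.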