Dependency package of display-notification version 2.0.0 having vulnerability (Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range)

[srinu1111]

Describe the bug

Node.js version: 18.16.1

OS version: Windows 10

Description: Dependency package of display-notification version 2.0.0 having vulnerability. Latest version of display-notification having fix. Link https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

Actual behavior

Expected behavior

Code to reproduce

Checklist

• [ *] I have searched through GitHub issues for similar issues.

• [ *] I have completely read through the README and documentation.

• [ *] I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.

[sooryaprakash99]

Is there any update on this issue. Can you please update the "display-notification" to the package >2.0.0. We have facing the vulnerability issue in the nested dependency package (semver-5.7.1) of the "display-notification@2.0.0".

Upgrading the "display-notification" package will resolve the issue.

Please help us resolve this.

[titanism]

This is not an issue