Vulnerability in semver Dependency #297

Open
obouhlel opened this issue Aug 26, 2024 · 0 comments
Hello,

I hope you're doing well.

I wanted to bring to your attention a security issue with the semver package version used in your project. When running yarn audit, the following vulnerability is reported:

yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ semver vulnerable to Regular Expression Denial of Service    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ semver                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.5.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cucumber-html-reporter                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cucumber-html-reporter > @cucumber/cucumber > semver         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1098562                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 300
Severity: 1 High
Done in 0.58s.

Currently, the version of semver used is 7.3.8, which is vulnerable. I noticed that your project is using @cucumber/cucumber version 9.1.2. Updating to the latest version of @cucumber/cucumber (10.9.0 or higher) might resolve this issue, as it should include the patched version of semver.

I appreciate your attention to this matter and look forward to any updates.

Thank you for your time and hard work on this project.

Best regards,
obouhlel

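An added example, not code from the issue above or from the project it was filed against: a small Node script that reproduces the check the report relies on, offline, against a constructed yarn v1 lockfile. It parses the lockfile, flags every resolved copy of `semver` below the advisory's "Patched in" version (7.5.2, taken from the audit table), lists which lock entries pull each copy in (one level up the tree, which is how the "Dependency of" / "Path" rows come about), and emits a yarn v1 `resolutions` block as one remediation alternative to bumping `@cucumber/cucumber`. The sample lockfile, the `PATCHED` table and the `**/semver` resolution key are assumptions made for the illustration; `compareVersions` is a deliberately minimal comparator that only orders by major.minor.patch and "prerelease or not", not a full semver implementation.

```javascript
// Added example, not code from the issue or from the project it was filed against.
// Scans a yarn v1 lockfile for resolved versions of a package that fall below the
// advisory's "Patched in" version and reports which lock entries pull them in.
// Assumptions: yarn v1 lockfile syntax (2-space fields, 4-space dependency lines),
// and the PATCHED table below, taken from the audit output in the issue.

const PATCHED = { semver: "7.5.2" }; // "Patched in >=7.5.2" in the yarn audit table

// Constructed sample lockfile (not the project's real yarn.lock), modelled on the
// path in the audit output: cucumber-html-reporter > @cucumber/cucumber > semver.
const SAMPLE_LOCK = `
# yarn lockfile v1

"@cucumber/cucumber@^9.1.2":
  version "9.1.2"
  resolved "https://registry.yarnpkg.com/@cucumber/cucumber/-/cucumber-9.1.2.tgz"
  dependencies:
    semver "7.3.8"

cucumber-html-reporter@^7.1.0:
  version "7.1.0"
  dependencies:
    "@cucumber/cucumber" "^9.1.2"

semver@7.3.8:
  version "7.3.8"

semver@^7.5.4:
  version "7.6.3"
`;

// Package name from a lockfile spec such as "@cucumber/cucumber@^9.1.2" or "semver@7.3.8".
function nameOf(spec) {
  return spec.slice(0, spec.lastIndexOf("@"));
}

// Parse a yarn v1 lockfile into [{ specs, version, deps }] records.
function parseYarnLock(text) {
  const entries = [];
  let cur = null;
  let inDeps = false;
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const indent = raw.length - raw.trimStart().length;
    if (indent === 0) {
      // Entry header: comma-separated specs, each optionally quoted, ending in ':'
      const specs = line.replace(/:$/, "").split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      cur = { specs, version: null, deps: {} };
      entries.push(cur);
      inDeps = false;
      continue;
    }
    const m = line.match(/^"?([^"\s]+)"? "([^"]*)"$/); // key "value", key optionally quoted
    if (indent === 2) {
      inDeps = line.endsWith(":"); // "dependencies:" / "optionalDependencies:" open a block
      if (m && m[1] === "version") cur.version = m[2];
    } else if (indent === 4 && inDeps && m) {
      cur.deps[m[1]] = m[2]; // dependency name -> requested range
    }
  }
  return entries;
}

// Minimal comparator: orders by major.minor.patch; a prerelease sorts below the same
// numeric version (so 7.5.2-0 < 7.5.2). Build metadata and prerelease ordering are ignored.
function compareVersions(a, b) {
  const split = (v) => {
    const [core, pre] = v.split("+")[0].split("-");
    return { nums: core.split(".").map(Number), pre: pre !== undefined };
  };
  const [pa, pb] = [split(a), split(b)];
  for (let i = 0; i < 3; i++) {
    const d = (pa.nums[i] || 0) - (pb.nums[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  if (pa.pre !== pb.pre) return pa.pre ? -1 : 1;
  return 0;
}

// Lock entries whose resolved version is below the patched version, with the entries
// that depend on that exact resolution (one level up the tree).
function findVulnerable(entries, patched = PATCHED) {
  const findings = [];
  for (const e of entries) {
    const name = nameOf(e.specs[0]);
    const min = patched[name];
    if (!min || !e.version || compareVersions(e.version, min) >= 0) continue;
    const dependents = entries
      .filter((d) => d.deps[name] !== undefined && e.specs.includes(`${name}@${d.deps[name]}`))
      .map((d) => ({ name: nameOf(d.specs[0]), version: d.version, requested: d.deps[name] }));
    findings.push({ name, version: e.version, patchedIn: min, dependents });
  }
  return findings;
}

// A yarn v1 "resolutions" block (assumed "**/<name>" glob syntax) forcing every copy of
// each affected package up to the patched line. Only safe when each dependent's
// requested range admits the patched release, so check `requested` in the findings first.
function resolutionsFor(findings) {
  const out = {};
  for (const f of findings) out[`**/${f.name}`] = `^${f.patchedIn}`;
  return out;
}

if (typeof require !== "undefined" && require.main === module) {
  const findings = findVulnerable(parseYarnLock(SAMPLE_LOCK));
  for (const f of findings) {
    console.log(`${f.name}@${f.version} is below ${f.patchedIn}; pulled in by:`);
    for (const d of f.dependents) console.log(`  ${d.name}@${d.version} (requests ${d.requested})`);
  }
  console.log(JSON.stringify({ resolutions: resolutionsFor(findings) }, null, 2));
}
```

Run it with `node` and it prints the one vulnerable copy (`semver@7.3.8`, pulled in by `@cucumber/cucumber@9.1.2`, which requests exactly `7.3.8`) and the suggested `resolutions` block. That exact pin is the caveat to watch for with the `resolutions` route: when a dependent pins a version rather than a range, forcing a newer `semver` under it is an untested combination, which is why upgrading the dependent (as the issue suggests) is the cleaner fix when it is available. To run against a real lockfile, replace `SAMPLE_LOCK` with `fs.readFileSync("yarn.lock", "utf8")`.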