[api-extractor]  Semver package needs to be updated to address vulnerability

We are using API extractor, which has a dependency on the semver package: "semver": "~7.3.0". Recently there was a vulnerability reported for older versions of the semver package https://nvd.nist.gov/vuln/detail/CVE-2022-25883.

Can the semver package dependencies be updated in API extractor and better yet can we start leveraging ^ semver ranges for this dependency going forward to remove the friction on downstream repos for addressing these vulnerabilities
## Summary



## Repro steps



  **Expected result:** 

  **Actual result:** 

## Details



## Standard questions

Please answer these questions to help us investigate your issue more quickly:

| Question | Answer |
| -------- | -------- |
| `@microsoft/api-extractor` version? |  |
| Operating system? |  |
| API Extractor scenario? |  |
| Would you consider contributing a PR? |  |
| TypeScript compiler version? |  |
| Node.js version (`node -v`)? |  |

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[api-extractor] Semver package needs to be updated to address vulnerability #4216

Summary

Repro steps

Details

Standard questions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Question	Answer
`@microsoft/api-extractor` version?
Operating system?
API Extractor scenario?
Would you consider contributing a PR?
TypeScript compiler version?
Node.js version (`node -v`)?

[api-extractor] Semver package needs to be updated to address vulnerability #4216

Description

Summary

Repro steps

Details

Standard questions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions