fix(deps): update dependency semver to v7.8.4 #1428

Merged

toiroakr merged 2 commits into main from renovate/semver-7.x on Jun 16, 2026
@renovate renovate Bot commented Jun 15, 2026


This PR contains the following updates:

| Package | Change |
|---------|--------|
| semver | 7.8.3 → 7.8.4 |

Release Notes

npm/node-semver (semver)

v7.8.4

Bug Fixes

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • Between 09:00 AM and 06:59 PM, Monday through Friday (* 9-18 * * 1-5)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team June 15, 2026 05:21

changeset-bot Bot commented Jun 15, 2026


🦋 Changeset detected

Latest commit: 753ac38

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

| Name | Type |
|------|------|
| @tailor-platform/sdk | Patch |
| @tailor-platform/sdk-codemod | Patch |
| @tailor-platform/create-sdk | Patch |



pkg-pr-new Bot commented Jun 15, 2026


pnpm add https://pkg.pr.new/@tailor-platform/create-sdk@753ac38
pnpm add https://pkg.pr.new/@tailor-platform/sdk@753ac38

commit: 753ac38

@github-actions

🤖 Claude Dependency Review

📦 Update Summary

  • Library: semver
  • Version: 7.8.3 → 7.8.4
  • Change Type: Patch

📝 Release Notes

https://github.com/npm/node-semver/releases/tag/v7.8.4

🔐 Security Assessment

  • Risk: 🟢 Low
  • Known vulnerabilities: None affecting these versions. CVE-2022-25883 (Regular Expression Denial of Service) was fixed in 7.5.2, so both 7.8.3 and 7.8.4 are already patched and not vulnerable.
  • Supply-chain notes: The v7.8.4 release commit is GPG-signed and verified (GitHub key ID: B5690EEEBB952194). No maintainer changes, no new lifecycle scripts, and no unexpected dependencies detected. No red flags identified.

✨ Main Changes

This patch release contains a single bug fix:

🐛 Bug Fixes

  • Reject numeric segments after x-ranges (PR #874)
    • Improves validation strictness for semantic version range expressions
    • Prevents invalid version specifications where numeric identifiers inappropriately follow x-range components (e.g., 1.x.1 is now correctly rejected as invalid)
    • This is a validation improvement that makes semver parsing stricter and more correct

🔍 Impact Analysis

📁 Usage Locations

semver is used in the following 2 files:

  1. packages/sdk/src/cli/shared/context.ts

    import { lt as semverLt } from "semver";
    • Feature used: lt (less than) comparison function
    • Usage context: Line 175 checks if the current SDK version is less than the minimum required SDK version to warn users about available config updates:
      if (semverLt(sdkVersion, v2Result.data.latest_min_sdk_version)) {
        logger.warn(`A newer config version is available...`);
      }
    • Impact: None. This code compares standard semver versions (e.g., "1.29.0") and does not use x-ranges. The bug fix only affects x-range validation and will not change the behavior of standard version comparisons.
  2. packages/sdk-codemod/src/registry.ts

    import { lt, gte, valid } from "semver";
    • Features used: valid (validation), gte (greater than or equal), and lt (less than) functions
    • Usage context: Lines 109-121 in getApplicableCodemods() determine which codemods apply to a version upgrade:
      export function getApplicableCodemods(fromVersion: string, toVersion: string): CodemodPackage[] {
        if (!valid(fromVersion)) {
          throw new Error(`Invalid fromVersion: ${fromVersion}`);
        }
        if (!valid(toVersion)) {
          throw new Error(`Invalid toVersion: ${toVersion}`);
        }
        return allCodemods.filter(
          (codemod) =>
            gte(fromVersion, codemod.since) &&
            lt(fromVersion, codemod.until) &&
            gte(toVersion, codemod.until),
        );
      }
    • Impact: None. This code validates and compares standard semver versions (e.g., "1.0.0", "2.0.0") and does not use x-ranges. The stricter validation for x-ranges will not affect normal version strings.

✅ Recommended Actions

None. This is a safe, low-risk patch update that fixes a validation edge case without affecting existing functionality in this codebase. Both usage locations use standard semver comparison operations on normal version strings and do not rely on x-range parsing, so the bug fix has no behavioral impact on the SDK.
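
The impact analysis in the review above rests on which semver exports each file imports. As an added example (not part of the PR, the bot's review, or node-semver), this sketch sorts named imports into version-only functions and range-parsing ones, the group the x-range fix concerns. `classifySemverUse`, the `RANGE_APIS` list and the verdict labels are choices made for this example, and the last two sample sources are constructed.

```javascript
// node-semver exports that take a range string (x-ranges such as "1.x").
const RANGE_APIS = new Set([
  "satisfies", "validRange", "maxSatisfying", "minSatisfying", "minVersion",
  "intersects", "outside", "gtr", "ltr", "subset", "simplifyRange",
  "toComparators", "Range",
]);

// import { a, b as c } from "semver"   /   const { a, b: c } = require("semver")
const NAMED = [
  /import\s*(?:type\s+)?\{([^}]*)\}\s*from\s*["']semver["']/g,
  /\{([^}]*)\}\s*=\s*require\(\s*["']semver["']\s*\)/g,
];
// Any import of the package, including default, namespace and sub-path forms.
const ANY_REF = /(?:from\s*|require\(\s*)["']semver(?:\/[^"']*)?["']/g;

function classifySemverUse(source) {
  const imported = [];
  let namedRefs = 0;
  for (const re of NAMED) {
    for (const match of source.matchAll(re)) {
      namedRefs += 1;
      for (const spec of match[1].split(",")) {
        // Keep the exported name, not the local alias ("lt as semverLt").
        const name = spec.trim().split(/\s+as\s+|\s*:\s*/)[0];
        if (name) imported.push(name);
      }
    }
  }
  const totalRefs = (source.match(ANY_REF) || []).length;
  const rangeApis = imported.filter((name) => RANGE_APIS.has(name));

  let verdict = "version-only"; // only plain version functions are imported
  if (totalRefs === 0) verdict = "unused";
  else if (rangeApis.length > 0) verdict = "range-parsing"; // range inputs reach semver
  else if (totalRefs > namedRefs) verdict = "manual-review"; // default/namespace/sub-path
  return { imported, rangeApis, verdict };
}

// The first two sources are the import lines quoted in the review; the rest are constructed.
const samples = {
  "packages/sdk/src/cli/shared/context.ts": 'import { lt as semverLt } from "semver";',
  "packages/sdk-codemod/src/registry.ts": 'import { lt, gte, valid } from "semver";',
  "constructed/range-user.js": 'const { satisfies: ok, valid } = require("semver");',
  "constructed/opaque.js": 'import semver from "semver";',
};
for (const [file, source] of Object.entries(samples)) {
  console.log(file, classifySemverUse(source).verdict);
}
```

A "manual-review" verdict means the names in use cannot be read from the import statement, so call sites have to be inspected by hand.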


@renovate renovate Bot force-pushed the renovate/semver-7.x branch from eb5b6a6 to 01abc45 Compare June 16, 2026 07:45

renovate Bot commented Jun 16, 2026


Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@github-actions


Code Metrics Report (packages/sdk)

  |                    | main (5c110a5) | #1428 (eeb0af2) | +/-  |
  |--------------------|----------------|-----------------|------|
  | Coverage           |          68.6% |           68.6% | 0.0% |
  |   Files            |            420 |             420 |    0 |
  |   Lines            |          14772 |           14772 |    0 |
  |   Covered          |          10134 |           10134 |    0 |
  | Code to Test Ratio |          1:0.4 |           1:0.4 |  0.0 |
  |   Code             |          99148 |           99148 |    0 |
  |   Test             |          44181 |           44181 |    0 |

SDK Configure Bundle Size

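|                        | main (5c110a5) | #1428 (eeb0af2) | +/- |
|------------------------|----------------|-----------------|-----|
| configure-index-size   |        20.08KB |         20.08KB | 0KB |
| dependency-chunks-size |        47.71KB |         47.71KB | 0KB |
| total-bundle-size      |        67.79KB |         67.79KB | 0KB |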

Runtime Performance

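|                    | main (5c110a5) | #1428 (eeb0af2) | +/-    |
|--------------------|----------------|-----------------|--------|
| Generate Median    |        2,885ms |         2,768ms | -117ms |
| Generate Max       |        2,998ms |         2,819ms | -179ms |
| Apply Build Median |        2,915ms |         2,814ms | -101ms |
| Apply Build Max    |        2,935ms |         2,829ms | -106ms |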

Type Performance (instantiations)

|                             | main (5c110a5) | #1428 (eeb0af2) | +/- |
|-----------------------------|----------------|-----------------|-----|
| tailordb-basic              |         36,086 |          36,086 |   0 |
| tailordb-optional           |          3,841 |           3,841 |   0 |
| tailordb-relation           |          5,921 |           5,921 |   0 |
| tailordb-validate           |          2,566 |           2,566 |   0 |
| tailordb-hooks              |          5,767 |           5,767 |   0 |
| tailordb-object             |         12,136 |          12,136 |   0 |
| tailordb-enum               |          2,462 |           2,462 |   0 |
| resolver-basic              |          9,424 |           9,424 |   0 |
| resolver-nested             |         26,111 |          26,111 |   0 |
| resolver-array              |         18,187 |          18,187 |   0 |
| executor-schedule           |          4,234 |           4,234 |   0 |
| executor-webhook            |            873 |             873 |   0 |
| executor-record             |          6,659 |           6,659 |   0 |
| executor-resolver           |          4,369 |           4,369 |   0 |
| executor-operation-function |            868 |             868 |   0 |
| executor-operation-gql      |            869 |             869 |   0 |
| executor-operation-webhook  |            888 |             888 |   0 |
| executor-operation-workflow |          1,714 |           1,714 |   0 |

Reported by octocov

@toiroakr toiroakr merged commit f1c271e into main Jun 16, 2026
44 checks passed
@toiroakr toiroakr deleted the renovate/semver-7.x branch June 16, 2026 12:11