On Mon July 31 EAP CP triage call. It has been decided that Node.js all dependencies need to be updated ( including dev dependencies) to resolve CVE-2022-25883.

Thus, we need to upgrade semver to a patched versions listed in https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

For more details, please refer to the comment in JBEAP-25187.