CVE-2022-25883 via `semver@5.7.1`

[s100]

patch-package depends on semver@^5.6.0, which is vulnerable to CVE-2022-25883. This can be fixed by upgrading to semver@7.5.3 or later.

[toastwaffle]

#466 would fix this

[rsanchez]

Noting that #466 does not fix this, since that only bumps the semver version to 7.0.0, and not 7.5.3 or above.

#477 would fix this.

[s100]

Fixed in patch-package@7.0.1.