chore(deps): unpin semver

[wjhsf]

Running yarn install (before):

yarn install v1.22.22
[1/5] 🔍  Validating package.json...
[2/5] 🔍  Resolving packages...
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^7.6.3"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.1"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^6.3.0"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^7.6.3"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^7.6.3"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^7.7.2"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^5.6.0"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^5.5.0"
warning Resolution field "semver@7.6.0" is incompatible with requested version "semver@^5.3.0"
warning Resolution field "http-cache-semantics@4.1.1" is incompatible with requested version "http-cache-semantics@3.8.1"
success Already up-to-date.

Running yarn install (after):

yarn install v1.22.22
[1/5] 🔍  Validating package.json...
[2/5] 🔍  Resolving packages...
warning Resolution field "http-cache-semantics@4.1.1" is incompatible with requested version "http-cache-semantics@3.8.1"
success Already up-to-date.

We originally pinned semver to patch a vulnerability. That was a while ago, and all of our dependencies now used patched versions, so the pin is no longer necessary. And it makes yarn install way less noisy! You can verify that this is safe by running yarn audit and seeing that semver is not listed, or by running yarn why semver and seeing that all installed versions are not vulnerable.

Note that some of our dependencies still try to pull in a version of http-cache-semantics that has a vulnerability, so we can't remove that pin. We can update the pin to the latest version, though. Just for fun.

Details

Does this pull request introduce a breaking change?

• 😮‍💨 No, it does not introduce a breaking change.
• 💔 Yes, it does introduce a breaking change.

Does this pull request introduce an observable change?

• 🤞 No, it does not introduce an observable change.
• 🔬 Yes, it does include an observable change.

GUS work item