
[SECURITY] semver vulnerable to Regular Expression Denial of Service #2

Closed
@NullDev

Description


@babel/core depends on vulnerable versions of semver.
Babel uses Semver v6 for backwards compatibility. It's fixed in v7.
We are currently waiting on a backport of the fix to v6.
So are babel and vscode.

See here:
npm/node-semver#564 (comment)
babel/babel#15720 (comment)

Links to audits, CVE, etc.:
GHSA-c2qf-rxjj-qqgw
https://nvd.nist.gov/vuln/detail/CVE-2022-25883


Note that this currently is not a problem but rather just an inconvenience.
The vulnerability takes effect when user input is passed to semver, which babel does not do.

Labels: security (Security issues & Vulnerabilities)
