Security vulnerability due to obsolete moment version #997
Comments
It can work with any version above 2.9.0. As long as you update moment you're good. If we place 2.29.4, all people who want to use an older version of moment won't be able to do it. Aren't tools smart enough to know what is
Edit: Yes, I know it doesn't matter, but compliance people don't understand this. They see "high risk vulnerability = bad".
If you've upgraded Ideally we'd make
Any possible solutions or updates on this?
Fixed in version
Moment-timezone version which you use:
Version: 0.5.34
Issue description:
Security vulnerability reported in our private repository due to `moment-timezone`. Please see advisory GHSA-wc69-rhjr-hc9g "Inefficient Regular Expression Complexity in moment".
Current version of `moment-timezone` uses `moment` 2.9.0. Please update dependency to at least 2.29.4 to fix the vulnerability.
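
The first comment says moment-timezone works with any moment above 2.9.0 and that updating moment is enough; the check below is an added example (not code from the moment-timezone project) that reads an npm lockfile's `packages` map and reports every installed copy of moment against the 2.29.4 fix named in the issue, alongside the ranges that dependents declare. The lockfile, the `>= 2.9.0` range string and the `legacy-reports` package are constructed assumptions, and any version below 2.29.4 is simply treated as unfixed.

```javascript
// Added example. FIXED comes from the issue text; the lockfile below is constructed.
const FIXED = '2.29.4';

// Compare plain "x.y.z" versions (no pre-release tags): returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True for the top-level copy and for copies nested under another package.
const isMoment = (p) => p === 'node_modules/moment' || p.endsWith('/node_modules/moment');

// Report every installed copy of moment in an npm v2/v3 lockfile, plus the
// ranges declared by the packages that depend on it.
function auditMoment(lock) {
  const installed = [];
  const declared = {};
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (isMoment(path)) {
      installed.push({ path, version: meta.version,
                       fixed: compareVersions(meta.version, FIXED) >= 0 });
    }
    const range = meta.dependencies && meta.dependencies.moment;
    if (range) declared[path || '(root)'] = range;
  }
  return { installed, declared };
}

// Constructed lockfile: the ">= 2.9.0" range and "legacy-reports" are assumptions.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'moment-timezone': '0.5.34', 'legacy-reports': '1.0.0' } },
    'node_modules/moment': { version: '2.29.4' },
    'node_modules/moment-timezone': { version: '0.5.34', dependencies: { moment: '>= 2.9.0' } },
    'node_modules/legacy-reports': { version: '1.0.0', dependencies: { moment: '2.24.0' } },
    'node_modules/legacy-reports/node_modules/moment': { version: '2.24.0' },
  },
};

console.log(JSON.stringify(auditMoment(sampleLock), null, 2));
```

In the sample, the top-level moment is already at 2.29.4 while a pinned dependent keeps a nested older copy, which is the case a range-only reading of `moment-timezone` would miss.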