Warn or error if 2012-2022 dataset is used? #1035
Comments
|
That's a great idea. The old 2012-2022 data file hasn't been linked on the project homepage for a long time, but has been kept in the package for backwards compatibility. But now that it's 2023 that file is 100% obsolete. If there's ever a breaking-change release of this package, that file should be removed completely. Adding a deprecation warning now will help prepare for that. It shouldn't be too hard to modify the build/release process to add a warning to just that file. |
scudette
pushed a commit
to Velocidex/velociraptor
that referenced
this issue
Mar 19, 2023
<h3>Snyk has created this PR to upgrade moment-timezone from 0.5.40 to
0.5.41.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-02-25.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
</li>
<li>
<b>0.5.40</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.40">2022-12-11</a></br><ul>
<li>Updated data to IANA TZDB <code>2022g</code></li>
</ul>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/98d3add7187947f37046a316802dcdfe40ad306a">98d3add</a>
Build moment-timezone 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/78cf3ade7b138f1d464be79194680fc1a8a7e290">78cf3ad</a>
changelog: Add 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cd35dc6e3c806c91d46e7e6bc5039505f73052f3">cd35dc6</a>
Bump version to 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/76f5a75096026144f20c5e12adf325862e70e21c">76f5a75</a>
Re-number build tasks to match new running order</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/ace9a77b0d410509a6a8e92f21d1e4a15f8bce64">ace9a77</a>
Fix broken badges in README</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8080504d8e39739e82e99ab2a87c60de9cd8915d">8080504</a>
Bump moment dependency to 2.29.4 (#1004)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/61b14d67a4a479ae3f95892a8ae145f2b0ba9dfd">61b14d6</a>
Add deprecation warning to 2012-2022 pre-built files (#1036)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/fc2936973a0be8b8f84e856ca23ee8d17441170f">fc29369</a>
Bump remaining grunt-contrib packages</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c83479e54083f132dfc3455ef606794e291a37fe">c83479e</a>
tests: Fix guess tests for 2023</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/e501621297d7f992325bee5641f31c28a034addf">e501621</a>
Bump y18n from 4.0.0 to 4.0.3 (#1026)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/0a7b5ddb47a59a5cc4efbc5e344e33d786955bd8">0a7b5dd</a>
Bump shelljs and grunt-contrib-jshint (#1025)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/6078ad6921490bf05bc5b9e896bee63ef786d9d0">6078ad6</a>
Bump ejs and grunt-contrib-nodeunit (#1013)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/84e665aa330c182533f72f7d4af73094a06c532f">84e665a</a>
Bump qs from 6.5.2 to 6.5.3 (#1021)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/5bdbd1143db3d54eed69d6e2d9deb2e56dfe86c9">5bdbd11</a>
Bump minimatch from 3.0.4 to 3.0.8 (#1016)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8d1a6e1e0fe2e393ccf47f853ccd321aa1fa85b0">8d1a6e1</a>
Bump minimist, mkdirp and handlebars (#1012)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cfbbd5cd03fdde4374badc662db3b42158eeced9">cfbbd5c</a>
Bump json-schema and jsprim (#1011)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/36ccdd3659490ba59cc4ba86122b535aa3c81a5d">36ccdd3</a>
Bump async from 2.6.2 to 2.6.4 (#1010)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4b38e45977b9a8b36f7814aa3f6be93bf9fb488b">4b38e45</a>
Bump ajv from 6.10.0 to 6.12.6 (#1003)</li>
</ul>
<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/d34de5593ddc0ccb7d4d73f3c7364e45cf28058a...98d3add7187947f37046a316802dcdfe40ad306a">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMWM1MzU0Yy0yNGZkLTQwNzMtYWQzNS1lMTgzYjJmY2MwMjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYxYzUzNTRjLTI0ZmQtNDA3My1hZDM1LWUxODNiMmZjYzAyNCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg=moment-timezone&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","prPublicId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","dependencies":[{"name":"moment-timezone","from":"0.5.40","to":"0.5.41"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-02-25T07:02:31.672Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
scudette
pushed a commit
to Velocidex/velociraptor
that referenced
this issue
Mar 20, 2023
<h3>Snyk has created this PR to upgrade moment-timezone from 0.5.40 to
0.5.41.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-02-25.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
</li>
<li>
<b>0.5.40</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.40">2022-12-11</a></br><ul>
<li>Updated data to IANA TZDB <code>2022g</code></li>
</ul>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/98d3add7187947f37046a316802dcdfe40ad306a">98d3add</a>
Build moment-timezone 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/78cf3ade7b138f1d464be79194680fc1a8a7e290">78cf3ad</a>
changelog: Add 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cd35dc6e3c806c91d46e7e6bc5039505f73052f3">cd35dc6</a>
Bump version to 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/76f5a75096026144f20c5e12adf325862e70e21c">76f5a75</a>
Re-number build tasks to match new running order</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/ace9a77b0d410509a6a8e92f21d1e4a15f8bce64">ace9a77</a>
Fix broken badges in README</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8080504d8e39739e82e99ab2a87c60de9cd8915d">8080504</a>
Bump moment dependency to 2.29.4 (#1004)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/61b14d67a4a479ae3f95892a8ae145f2b0ba9dfd">61b14d6</a>
Add deprecation warning to 2012-2022 pre-built files (#1036)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/fc2936973a0be8b8f84e856ca23ee8d17441170f">fc29369</a>
Bump remaining grunt-contrib packages</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c83479e54083f132dfc3455ef606794e291a37fe">c83479e</a>
tests: Fix guess tests for 2023</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/e501621297d7f992325bee5641f31c28a034addf">e501621</a>
Bump y18n from 4.0.0 to 4.0.3 (#1026)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/0a7b5ddb47a59a5cc4efbc5e344e33d786955bd8">0a7b5dd</a>
Bump shelljs and grunt-contrib-jshint (#1025)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/6078ad6921490bf05bc5b9e896bee63ef786d9d0">6078ad6</a>
Bump ejs and grunt-contrib-nodeunit (#1013)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/84e665aa330c182533f72f7d4af73094a06c532f">84e665a</a>
Bump qs from 6.5.2 to 6.5.3 (#1021)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/5bdbd1143db3d54eed69d6e2d9deb2e56dfe86c9">5bdbd11</a>
Bump minimatch from 3.0.4 to 3.0.8 (#1016)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8d1a6e1e0fe2e393ccf47f853ccd321aa1fa85b0">8d1a6e1</a>
Bump minimist, mkdirp and handlebars (#1012)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cfbbd5cd03fdde4374badc662db3b42158eeced9">cfbbd5c</a>
Bump json-schema and jsprim (#1011)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/36ccdd3659490ba59cc4ba86122b535aa3c81a5d">36ccdd3</a>
Bump async from 2.6.2 to 2.6.4 (#1010)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4b38e45977b9a8b36f7814aa3f6be93bf9fb488b">4b38e45</a>
Bump ajv from 6.10.0 to 6.12.6 (#1003)</li>
</ul>
<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/d34de5593ddc0ccb7d4d73f3c7364e45cf28058a...98d3add7187947f37046a316802dcdfe40ad306a">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMWM1MzU0Yy0yNGZkLTQwNzMtYWQzNS1lMTgzYjJmY2MwMjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYxYzUzNTRjLTI0ZmQtNDA3My1hZDM1LWUxODNiMmZjYzAyNCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg=moment-timezone&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","prPublicId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","dependencies":[{"name":"moment-timezone","from":"0.5.40","to":"0.5.41"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-02-25T07:02:31.672Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
scudette
pushed a commit
to Velocidex/velociraptor
that referenced
this issue
Mar 20, 2023
<h3>Snyk has created this PR to upgrade moment-timezone from 0.5.40 to
0.5.41.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-02-25.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
</li>
<li>
<b>0.5.40</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.40">2022-12-11</a></br><ul>
<li>Updated data to IANA TZDB <code>2022g</code></li>
</ul>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/98d3add7187947f37046a316802dcdfe40ad306a">98d3add</a>
Build moment-timezone 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/78cf3ade7b138f1d464be79194680fc1a8a7e290">78cf3ad</a>
changelog: Add 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cd35dc6e3c806c91d46e7e6bc5039505f73052f3">cd35dc6</a>
Bump version to 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/76f5a75096026144f20c5e12adf325862e70e21c">76f5a75</a>
Re-number build tasks to match new running order</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/ace9a77b0d410509a6a8e92f21d1e4a15f8bce64">ace9a77</a>
Fix broken badges in README</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8080504d8e39739e82e99ab2a87c60de9cd8915d">8080504</a>
Bump moment dependency to 2.29.4 (#1004)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/61b14d67a4a479ae3f95892a8ae145f2b0ba9dfd">61b14d6</a>
Add deprecation warning to 2012-2022 pre-built files (#1036)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/fc2936973a0be8b8f84e856ca23ee8d17441170f">fc29369</a>
Bump remaining grunt-contrib packages</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c83479e54083f132dfc3455ef606794e291a37fe">c83479e</a>
tests: Fix guess tests for 2023</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/e501621297d7f992325bee5641f31c28a034addf">e501621</a>
Bump y18n from 4.0.0 to 4.0.3 (#1026)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/0a7b5ddb47a59a5cc4efbc5e344e33d786955bd8">0a7b5dd</a>
Bump shelljs and grunt-contrib-jshint (#1025)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/6078ad6921490bf05bc5b9e896bee63ef786d9d0">6078ad6</a>
Bump ejs and grunt-contrib-nodeunit (#1013)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/84e665aa330c182533f72f7d4af73094a06c532f">84e665a</a>
Bump qs from 6.5.2 to 6.5.3 (#1021)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/5bdbd1143db3d54eed69d6e2d9deb2e56dfe86c9">5bdbd11</a>
Bump minimatch from 3.0.4 to 3.0.8 (#1016)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8d1a6e1e0fe2e393ccf47f853ccd321aa1fa85b0">8d1a6e1</a>
Bump minimist, mkdirp and handlebars (#1012)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cfbbd5cd03fdde4374badc662db3b42158eeced9">cfbbd5c</a>
Bump json-schema and jsprim (#1011)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/36ccdd3659490ba59cc4ba86122b535aa3c81a5d">36ccdd3</a>
Bump async from 2.6.2 to 2.6.4 (#1010)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4b38e45977b9a8b36f7814aa3f6be93bf9fb488b">4b38e45</a>
Bump ajv from 6.10.0 to 6.12.6 (#1003)</li>
</ul>
<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/d34de5593ddc0ccb7d4d73f3c7364e45cf28058a...98d3add7187947f37046a316802dcdfe40ad306a">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMWM1MzU0Yy0yNGZkLTQwNzMtYWQzNS1lMTgzYjJmY2MwMjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYxYzUzNTRjLTI0ZmQtNDA3My1hZDM1LWUxODNiMmZjYzAyNCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg=moment-timezone&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","prPublicId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","dependencies":[{"name":"moment-timezone","from":"0.5.40","to":"0.5.41"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-02-25T07:02:31.672Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
Closed
scudette
added a commit
to Velocidex/velociraptor
that referenced
this issue
Apr 18, 2023
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br /><h3>Snyk has created this PR to upgrade
moment-timezone from 0.5.41 to 0.5.42.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-03-24.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li>
<b>0.5.42</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.42">2023-03-24</a></br><ul>
<li>Updated data to IANA TZDB <code>2023b</code></li>
</ul>
</li>
<li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
</details>
</details>
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>moment-timezone</b></summary>
<ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/81ce2526c0793454dd00f89c67531aeb30469319">81ce252</a>
Bump version in moment-timezone-utils.js</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4116a04b868e63097c26a286df20e5a336e2761a">4116a04</a>
Build moment-timezone 0.5.42</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c4a1ce146bb5a6600feac45732a569b1ef46e9bf">c4a1ce1</a>
changelog: Add 0.5.42</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/d702a49b9ce417daf17effb6ea341bc868e0b444">d702a49</a>
Bump version to 0.5.42</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c008188c8271a37cfbd966a9229d21e7454fc906">c008188</a>
Merge pull request #1047 from moment/data/2023b</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/f094113486206d767cb1c5535444f96948d760d2">f094113</a>
tests: Fix country tests for 2023b</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/81e6c8132d793930c331665ee858feca68171121">81e6c81</a>
data: Add 2023b</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/a8d0fa1807986d6789d1c7d4dbe3cbdef69affb1">a8d0fa1</a>
Bump json5 via npm audit fix</li>
</ul>
<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/98d3add7187947f37046a316802dcdfe40ad306a...81ce2526c0793454dd00f89c67531aeb30469319">Compare</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkYzhhNzM2Ny1jNDJkLTRkOGEtOGNlMS1iNjZmMjUwNjVkMjMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImRjOGE3MzY3LWM0MmQtNGQ4YS04Y2UxLWI2NmYyNTA2NWQyMyJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg=moment-timezone&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"dc8a7367-c42d-4d8a-8ce1-b66f25065d23","prPublicId":"dc8a7367-c42d-4d8a-8ce1-b66f25065d23","dependencies":[{"name":"moment-timezone","from":"0.5.41","to":"0.5.42"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-03-24T06:33:21.236Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Moment-timezone version which you use:
Version: 0.5.40
Issue description:
I just spent a lot of time investigating why suddenly DST were not applied anymore in 2023, but still worked in the prior years (including, but not limited to digging through the IANA changelog).
I included this file years ago, and I wasn't even aware anymore that there's such a thing as a limited dataset. I now replaced it with
moment-timezone-with-data-10-year-range, which should be future-proof.Ideally, there would be a way to raise an error, but I get that backwards compatibility concerns make that impossible. But maybe it's possible to at least log a big warning in case this outdated dataset is used?
The text was updated successfully, but these errors were encountered: