Update version of moment to fix GHSA-wc69-rhjr-hc9g (CVE-2022-31129) #692
Comments
Ug, sorry^10 all. Looking now.
package-lock.json is not published to npm, so any So, I'll merge the PR to update the package-lock.json file. However, is there a need for a new release tag or published version to npm for anyone? Please let me know if so. My next inclination is to remove the package-lock.json file from the repo. My tendency more recently is to not have a package-lock.json file for library repos. Opinions vary. Anyway, I'll open a separate PR for that on which there can be discussion. We could always re-add the package-lock if there are strong enough uses for it.
I would appreciate a bumped version published to npm. As long as we're talking about it, I'd like to throw this idea out there: substituting dayjs for momentjs would be super awesome.
Why? It would be identical to the previous release (package-lock.json is not included in an npm published package).
Noted. I think there are issue(s) for that. #630 for one.
I'd appreciate it too. It would automatically be fixed for most people, now I had to manually look at what's exactly wrong and do
Updating the optional dependency and releasing a new version will propagate updates to dependents and transitive dependents. I made a PR 🤠 #701
Please update the version of moment to 2.29.4 to fix security vulnerability and release a new tag.
https://nvd.nist.gov/vuln/detail/CVE-2022-31129
GHSA-wc69-rhjr-hc9g
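Because a library's package-lock.json is not published, the moment version a consumer actually installs is recorded in the consumer's own lockfile. As an added example (not code from this project or from anyone in the thread), this check lists every resolved copy of moment below 2.29.4 in a parsed package-lock.json; the function names and the sample lockfile are constructed for illustration.

```javascript
// Fixed version named in the issue: moment 2.29.4.
const FIXED = [2, 29, 4];

// True when `version` sorts below FIXED. Anything that is not plain x.y.z
// (tags, git URLs, prereleases) is reported too, so a human looks at it.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false;
}

// Collect every resolved copy of moment from a parsed package-lock.json.
// lockfileVersion 2/3: flat "packages" map keyed by install path.
// lockfileVersion 1: nested "dependencies" tree.
function findMoment(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/moment' || path.endsWith('/node_modules/moment')) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'moment' && !hits.some((h) => h.path === path)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

const staleMoment = (lock) => findMoment(lock).filter((h) => isBelowFixed(h.version));

// Constructed sample lockfile (package names are made up).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/moment': { version: '2.29.4' },
    'node_modules/some-lib/node_modules/moment': { version: '2.29.1' },
  },
};
console.log(staleMoment(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on that project's package-lock.json to `staleMoment`.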