OpenCerts / legacy-templates

Apache License 2.0

[Snyk] Upgrade moment-timezone from 0.5.25 to 0.5.43 #143

Open john-dot-oa opened 1 year ago

john-dot-oa commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade moment-timezone from 0.5.25 to 0.5.43.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **18 versions** ahead of your current version.
- The recommended version was released **5 months ago**, on 2023-03-31.

The recommended version fixes:

Severity | Issue | PriorityScore (*) | Exploit Maturity
:-------------------------:|:-------------------------|-------------------------|:-------------------------
 | Directory Traversal [SNYK-JS-MOMENT-2440688](https://snyk.io/vuln/SNYK-JS-MOMENT-2440688) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit
 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-MOMENT-2944238](https://snyk.io/vuln/SNYK-JS-MOMENT-2944238) | **375/1000** **Why?** CVSS 7.5 | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: moment-timezone
  • 0.5.43 - 2023-03-31
    • Updated data to IANA TZDB 2023c
  • 0.5.42 - 2023-03-24
    • Updated data to IANA TZDB 2023b
  • 0.5.41 - 2023-02-25
    • Updated moment npm dependency to 2.29.4 to remove automated warnings about insecure dependencies #1004.
      Moment Timezone still works with core Moment 2.9.0 and higher.
    • Updated all dev dependencies including UglifyJS, which produces the minified builds.
    • Added deprecation warning to the pre-built moment-timezone-with-data-2012-2022 bundles #1035.
      Use the rolling moment-timezone-with-data-10-year-range files instead.
  • 0.5.40 - 2022-12-11
    • Updated data to IANA TZDB 2022g
  • 0.5.39 - 2022-11-14
    • Updated data to IANA TZDB 2022f
  • 0.5.38 - 2022-10-15
    • Updated data to IANA TZDB 2022e
    • Added moment.tz.dataVersion property to TypeScript definitions #930
    • Removed temporary .tar.gz files from npm releases #1000
  • 0.5.37 - 2022-08-25
  • 0.5.36 - 2022-08-25
  • 0.5.35 - 2022-08-23
  • 0.5.34 - 2021-11-10
  • 0.5.33 - 2021-02-06
  • 0.5.32 - 2020-11-14
  • 0.5.31 - 2020-05-17
  • 0.5.30 - 2020-05-17
  • 0.5.29 - 2020-05-16
  • 0.5.28 - 2020-02-21
  • 0.5.27 - 2019-10-16
  • 0.5.26 - 2019-07-06
  • 0.5.25 - 2019-04-18
from moment-timezone GitHub release notes

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/nft-772/project/fc9d5573-72ca-4679-bfe8-428ae84edee0?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/nft-772/project/fc9d5573-72ca-4679-bfe8-428ae84edee0/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/nft-772/project/fc9d5573-72ca-4679-bfe8-428ae84edee0/settings/integration?pkg=moment-timezone&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)