We've received notifications from Dependabot that packages we use might have security issues. Specifically, these are the CVEs affected:
CVE-2016-20018
CVE-2022-46175
CVE-2023-22467
Details and resources
Dependabot is throwing alerts for the following out-of-date packages:
luxon (used in both api and webapp)
json5 (used in both api and webapp)
knex (used in api)
The recommendation is to upgrade all affected packages to their latest point releases, which sufficiently resolves the alerted security vulnerabilities.
Checklist
[x] This issue is linked to the appropriate project.