Before v2.19.3, the moment.js module is prone to a regular expression denial of service via a crafted date string. Although I'm not sure if GER is directly affected, it's dependency on moment.js should be updated regardless as:
There are no backwards-incompatible changes between v2.17.1 and v2.19.3
Leaving moment.js@2.17.3 will break builds with NSP enabled.
Before v2.19.3, the moment.js module is prone to a regular expression denial of service via a crafted date string. Although I'm not sure if GER is directly affected, it's dependency on moment.js should be updated regardless as:
There are no backwards-incompatible changes between v2.17.1 and v2.19.3
Leaving moment.js@2.17.3 will break builds with NSP enabled.