Closed CharlesBordet closed 1 year ago
There is a vulnerability issue in the dygraphs package that is brought by the moment.js library.
dygraphs
moment.js
moment.js is a JS library used in the package (in htmlwidgets/lib/timezone/moment.js).
htmlwidgets/lib/timezone/moment.js
Here is the NVD report for this vulnerability: https://nvd.nist.gov/vuln/detail/cve-2022-24785
Upgrading to version 2.29.2 (or later) should fix the vulnerability issue.
Do you think this is possible? I am not very familiar with the internals of dygraphs, but I can try it on my side and run the tests if that helps.
There is a vulnerability issue in the
dygraphspackage that is brought by themoment.jslibrary.moment.jsis a JS library used in the package (inhtmlwidgets/lib/timezone/moment.js).Here is the NVD report for this vulnerability: https://nvd.nist.gov/vuln/detail/cve-2022-24785
Upgrading to version 2.29.2 (or later) should fix the vulnerability issue.
Do you think this is possible? I am not very familiar with the internals of dygraphs, but I can try it on my side and run the tests if that helps.