It looks like it’s the version in use in Event Organiser is at version 2.9, the current version is 2.30.1, and the issue was patched in version 2.29.2.
Would it be possible to get moment.js updated to > 2.29.2 with the next plugin update? When might that be (we're being asked for timelines to remedy these detected vulnerabilities).
Hello, we're using Event Organiser on https://californiaopioidresponse.org and are very happy with it. However, it's government funded, and the site was just scanned by a third-party agency that has flagged a security vulnerability in the moment.js script, which I see was identified on GitHub back in April of 2022 (https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4).
It looks like it’s the version in use in Event Organiser is at version 2.9, the current version is 2.30.1, and the issue was patched in version 2.29.2.
Would it be possible to get moment.js updated to > 2.29.2 with the next plugin update? When might that be (we're being asked for timelines to remedy these detected vulnerabilities).
Thanks!