search

ulian18 / nodejs-goof

Super vulnerable todo list application
Apache License 2.0
1 stars 0 forks source link

[Snyk] Upgrade moment from 2.15.1 to 2.29.4 #4

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to upgrade moment from 2.15.1 to 2.29.4.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Directory Traversal
SNYK-JS-MOMENT-2440688		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:moment:20161019		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:moment:20170905		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: moment
  • 2.29.4 - 2022-07-06

    2.29.4

  • 2.29.3 - 2022-04-17

    2.29.3

  • 2.29.2 - 2022-04-03

    2.29.2

  • 2.29.1 - 2020-10-06

    2.29.1

  • 2.29.0 - 2020-09-22

    2.29.0

  • 2.28.0 - 2020-09-13

    2.28.0

  • 2.27.0 - 2020-06-18

    2.27.0

  • 2.26.0 - 2020-05-20

    2.26.0

  • 2.25.3 - 2020-05-04

    2.25.3

  • 2.25.2 - 2020-05-04

    2.25.2

  • 2.25.1 - 2020-05-01
  • 2.25.0 - 2020-05-01
  • 2.24.0 - 2019-01-21
  • 2.23.0 - 2018-12-13
  • 2.22.2 - 2018-06-01
  • 2.22.1 - 2018-04-15
  • 2.22.0 - 2018-03-30
  • 2.21.0 - 2018-03-02
  • 2.20.1 - 2017-12-19
  • 2.20.0 - 2017-12-17
  • 2.19.4 - 2017-12-11
  • 2.19.3 - 2017-11-29
  • 2.19.2 - 2017-11-11
  • 2.19.1 - 2017-10-11
  • 2.19.0 - 2017-10-10
  • 2.18.1 - 2017-03-21
  • 2.18.0 - 2017-03-18
  • 2.17.1 - 2016-12-04
  • 2.17.0 - 2016-11-22
  • 2.16.0 - 2016-11-10
  • 2.15.2 - 2016-10-24
  • 2.15.1 - 2016-09-21
from moment GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs