Skip to content

Commit

Permalink
build(deps): always resolve momentjs version 2.29.4 (#3182)
Browse files Browse the repository at this point in the history
Before this change both version 2.29.1 and version 2.29.4 of momentjs
were brougth in. The bump from v2.29.1 -> v2.29.4 remediates two CVEs:
CVE-2022-24785 [1] and CVE-2022-31129 [2]. The most notable change comes
with the bump from v2.29.1 -> v2.29.2 which introduces a breaking change
to remediate CVE-2022-24785: Forward slash and backward slash is no
longer allowed in locale names. Locales containing either of those
characters will not be loaded from the filesystem any longer [3]. Other
than that it looks like there's only patch fixes which can be seen in
the full changelog [4].

[1] GHSA-8hfj-j24r-96c4
[2] GHSA-wc69-rhjr-hc9g
[3] https://gist.github.com/ichernev/1904b564f6679d9aac1ae08ce13bc45c
[4] https://github.com/moment/moment/blob/536ad0c348f2f99009755698f491080757a48221/CHANGELOG.md

Signed-off-by: Linus Ekman <[email protected]>
  • Loading branch information
linus345 authored and zachaller committed Dec 4, 2023
1 parent 79fbb60 commit c7f7d1e
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 7 deletions.
3 changes: 2 additions & 1 deletion ui/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@
"webpack-merge": "^5.7.3"
},
"resolutions": {
"@types/react": "16.9.3"
"@types/react": "16.9.3",
"moment": "2.29.4"
}
}
7 changes: 1 addition & 6 deletions ui/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -7973,12 +7973,7 @@ moment-timezone@^0.5.33:
dependencies:
moment ">= 2.9.0"

"moment@>= 2.9.0", moment@^2.20.1:
version "2.29.1"
resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz#b2be769fa31940be9eeea6469c075e35006fa3d3"
integrity sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==

moment@^2.29.4:
[email protected], "moment@>= 2.9.0", moment@^2.20.1, moment@^2.29.4:
version "2.29.4"
resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108"
integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w==
Expand Down

0 comments on commit c7f7d1e

Please sign in to comment.