From 53eab968d5114d1ad270f27b8a7281238f0bbbb9 Mon Sep 17 00:00:00 2001
From: Kaituo Li <kaituo@amazon.com>
Date: Mon, 10 Jul 2023 16:28:08 -0700
Subject: [PATCH] Address CVE (#535)

This PR addresses a CVE related to our use of a version of moment.js that is below 2.29.2.

Modified as per the reference PR: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/1931/files

Testing done:
1. Executed an end-to-end test to ensure that we can still create and run a detector with the updated moment.js version.

Signed-off-by: Kaituo Li <kaituo@amazon.com>
---
 package.json | 1 -
 yarn.lock    | 5 -----
 2 files changed, 6 deletions(-)

diff --git a/package.json b/package.json
index 3b5a47aa..4d03e10d 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,6 @@
     "json5": "^2.2.3",
     "@sideway/formula": "^3.0.1",
     "minimist": "^1.2.6",
-    "moment": "^2.29.4",
     "minimatch": "^3.1.2",
     "axios": "^0.21.4"
   }
diff --git a/yarn.lock b/yarn.lock
index 8b0692ad..3478b895 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2631,11 +2631,6 @@ mkdirp@^0.5.1, mkdirp@^0.5.3:
     minimist "^1.2.5"
 
 moment@^2.24.0:
-  version "2.29.1"
-  resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz#b2be769fa31940be9eeea6469c075e35006fa3d3"
-  integrity sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==
-
-moment@^2.29.4:
   version "2.29.4"
   resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108"
   integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w==