Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Repair potential security vulnerability - moment package #662

Closed
thinkingserious opened this issue Mar 6, 2018 · 1 comment · Fixed by #666
Closed

Repair potential security vulnerability - moment package #662

thinkingserious opened this issue Mar 6, 2018 · 1 comment · Fixed by #666
Labels
difficulty: easy fix is easy in difficulty status: work in progress Twilio or the community is in the process of implementing type: security known security issue

Comments

@thinkingserious
Copy link
Contributor

Issue Summary

Known moderate severity security vulnerability detected in moment < 2.19.3 defined in package-lock.json.

update suggested: moment ~> 2.19.3.
@thinkingserious thinkingserious added status: help wanted requesting help from the community difficulty: easy fix is easy in difficulty up-for-grabs type: security known security issue labels Mar 6, 2018
@thinkingserious thinkingserious changed the title Repair potential security vulnerability Repair potential security vulnerability - moment package Mar 6, 2018
This was referenced Mar 11, 2018
Closed
Merged
@ctrimm
Copy link
Contributor

ctrimm commented Mar 11, 2018

@thinkingserious - I added moment as a devDependencies via npm install moment --save-dev to add it to package.json. Then I ran npm install. You can verify the moment package was installed by looking at the package-lock.json file.

After adding the moment package, I received a couple of warnings about the versions of chai-as-promised and dirty-chai not - I went ahead and updated those versions as well.

I ran the test suites and they lined up with the previous coverage. I then verified there wasn't any breaking changes via the moment changelog.

Let me know if this is what you were looking for.

@thinkingserious thinkingserious added status: work in progress Twilio or the community is in the process of implementing and removed good first issue status: help wanted requesting help from the community labels Mar 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
difficulty: easy fix is easy in difficulty status: work in progress Twilio or the community is in the process of implementing type: security known security issue
Projects
None yet
Milestone
No milestone
2 participants
@thinkingserious @ctrimm