Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update moment.js to resolve regex DoS vulnerability #558

Merged
merged 1 commit into from
Jun 28, 2020
Merged

Update moment.js to resolve regex DoS vulnerability #558

merged 1 commit into from
Jun 28, 2020

Conversation

mdholloway
Copy link
Contributor

NSP is alerting on a vulnerability introduced by the moment.js dependency:

https://nodesecurity.io/advisories/532

See the upstream issue resolved by the update:

moment/moment#4163

Update moment to resolve regex DoS vulnerability
b07616b 
NSP is alerting on a vulnerability introduced by the moment.js dependency:

https://nodesecurity.io/advisories/532

See the upstream issue resolved by the update:

moment/moment#4163
@mdholloway mdholloway mentioned this pull request Nov 29, 2017
Merged
@mdholloway mdholloway changed the title Update moment to resolve regex DoS vulnerability Update moment.js to resolve regex DoS vulnerability Nov 30, 2017
@amorriscode amorriscode mentioned this pull request Dec 22, 2017
Closed
@renjithamadeus
Copy link

Can we look into this PR, this is an optional dependency, nevertheless it would be good to update the dependencies to its latest version, especially, when there is a security vulnerability.

@serhalp serhalp mentioned this pull request Apr 18, 2018
Open
@trentm
Copy link
Owner

trentm commented Jun 28, 2020

Thank you very much. Apologies for the delay.

(FYI on the delay in my responding: #335 (comment))

@trentm trentm merged commit 1920138 into trentm:master Jun 28, 2020
@trentm
Copy link
Owner

trentm commented Jun 29, 2020

I also merged this to the 1.x branch in commit 990426d

@trentm trentm mentioned this pull request Jun 29, 2020
Closed
trentm pushed a commit that referenced this pull request Jun 29, 2020
@mdholloway @trentm
Update moment to resolve regex DoS vulnerability (#558)
990426d 
CVE-2017-18214
https://nodesecurity.io/advisories/532

See the upstream issue resolved by the update:
moment/moment#4163
@trentm
Copy link
Owner

trentm commented Jun 29, 2020

[email protected] and [email protected] (beta) have been published with this (yes, I realize years late :/).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
needstriage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mdholloway @renjithamadeus @trentm