[Snyk] Upgrade moment from 2.15.1 to 2.29.1 #2

snyk-bot · 2021-09-09T21:49:18Z

Snyk has created this PR to upgrade moment from 2.15.1 to 2.29.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 28 versions ahead of your current version.
The recommended version was released a year ago, on 2020-10-06.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-174183	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-173692	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:moment:20161019	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:brace-expansion:20170302	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:moment:20170905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-JSONPOINTER-598804	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: moment

from moment GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade moment from 2.15.1 to 2.29.1. See this package in npm: https://www.npmjs.com/package/moment See this project in Snyk: https://app.snyk.io/org/kleddy17/project/155f1c5f-37b9-4d78-945e-e2c5b3a41014?utm_source=github&utm_medium=upgrade-pr

kleddy17 mentioned this pull request May 17, 2022

[Snyk] Security upgrade humanize-ms from 1.0.1 to 1.2.1 #13

Open

kleddy17 mentioned this pull request Jun 22, 2022

[Snyk] Fix for 10 vulnerabilities #14

Open

This was referenced Oct 5, 2022

[Snyk] Fix for 60 vulnerabilities #18

Open

[Snyk] Fix for 60 vulnerabilities #19

Open

kleddy17 mentioned this pull request Dec 19, 2023

[Snyk] Fix for 27 vulnerabilities #25

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade moment from 2.15.1 to 2.29.1 #2

[Snyk] Upgrade moment from 2.15.1 to 2.29.1 #2

snyk-bot commented Sep 9, 2021

[Snyk] Upgrade moment from 2.15.1 to 2.29.1 #2

Are you sure you want to change the base?

[Snyk] Upgrade moment from 2.15.1 to 2.29.1 #2

Conversation

snyk-bot commented Sep 9, 2021

Snyk has created this PR to upgrade moment from 2.15.1 to 2.29.1.