From 5d63a94b96deb882fea37ade44be855dd6cc7262 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 7 Jul 2022 18:28:59 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MOMENT-2944238
---
 package-lock.json | 57 ++++++++++++++---------------------------------
 package.json      |  4 ++--
 2 files changed, 19 insertions(+), 42 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 10460d9f38ac7..4508e205a95b5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1587,53 +1587,30 @@
       }
     },
     "@nextcloud/moment": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@nextcloud/moment/-/moment-1.1.1.tgz",
-      "integrity": "sha512-lh7Xn9Ver12pLfE0rpjxE6x/ipscAV+7fw1u+7TJak1QR1T1UDRMZ9dA7z77W8mZH2C3yveTh/VEHZIflKBrng==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@nextcloud/moment/-/moment-1.2.1.tgz",
+      "integrity": "sha512-v/yfrZ4Jo8YM1v0DLXKjRLwKOhzE4Y6DcgyZAM1vJ5jOMvkHpICuTDJRw8oOtrr/1H6FqI6EMZcYogeGD+rwSA==",
       "requires": {
-        "@nextcloud/l10n": "1.2.0",
-        "core-js": "3.6.4",
+        "@nextcloud/l10n": "^1.4.1",
+        "core-js": "^3.21.1",
         "jed": "^1.1.1",
-        "moment": "2.24.0",
-        "node-gettext": "^2.0.0"
+        "moment": "^2.29.2",
+        "node-gettext": "^3.0.0"
       },
       "dependencies": {
         "@nextcloud/l10n": {
-          "version": "1.2.0",
-          "resolved": "https://registry.npmjs.org/@nextcloud/l10n/-/l10n-1.2.0.tgz",
-          "integrity": "sha512-aPsVAewCYMNe2h0yse3Fj7LofvnvFPimojw24K47ip1+I1gawMIsQL+BYAnN8wzlcbsDTEc7I1FxtOh+8dHHIA==",
+          "version": "1.6.0",
+          "resolved": "https://registry.npmjs.org/@nextcloud/l10n/-/l10n-1.6.0.tgz",
+          "integrity": "sha512-aKGlgrwN9OiafN791sYus0shfwNeU3PlrH6Oi9ISma6iJSvN6a8aJM8WGKCJ9pqBaTR5PrDuckuM/WnybBWb6A==",
           "requires": {
             "core-js": "^3.6.4",
             "node-gettext": "^3.0.0"
-          },
-          "dependencies": {
-            "node-gettext": {
-              "version": "3.0.0",
-              "resolved": "https://registry.npmjs.org/node-gettext/-/node-gettext-3.0.0.tgz",
-              "integrity": "sha512-/VRYibXmVoN6tnSAY2JWhNRhWYJ8Cd844jrZU/DwLVoI4vBI6ceYbd8i42sYZ9uOgDH3S7vslIKOWV/ZrT2YBA==",
-              "requires": {
-                "lodash.get": "^4.4.2"
-              }
-            }
           }
         },
         "core-js": {
-          "version": "3.6.4",
-          "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.6.4.tgz",
-          "integrity": "sha512-4paDGScNgZP2IXXilaffL9X7968RuvwlkK3xWtZRVqgd8SYNiVKRJvkFd1aqqEuPfN7E68ZHEp9hDj6lHj4Hyw=="
-        },
-        "moment": {
-          "version": "2.24.0",
-          "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz",
-          "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg=="
-        },
-        "node-gettext": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/node-gettext/-/node-gettext-2.1.0.tgz",
-          "integrity": "sha512-vsHImHl+Py0vB7M2UXcFEJ5NJ3950gcja45YclBFtYxYeZiqdfQdcu+G9s4L7jpRFSh/J/7VoS3upR4JM1nS+g==",
-          "requires": {
-            "lodash.get": "^4.4.2"
-          }
+          "version": "3.23.3",
+          "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.23.3.tgz",
+          "integrity": "sha512-oAKwkj9xcWNBAvGbT//WiCdOMpb9XQG92/Fe3ABFM/R16BsHgePG00mFOgKf7IsCtfj8tA1kHtf/VwErhriz5Q=="
         }
       }
     },
@@ -7725,7 +7702,7 @@
     "jed": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/jed/-/jed-1.1.1.tgz",
-      "integrity": "sha1-elSbvZ/+FYWwzQoZHiAwVb7ldLQ="
+      "integrity": "sha512-z35ZSEcXHxLW4yumw0dF6L464NT36vmx3wxJw8MDpraBcWuNVgUPZgPJKcu1HekNgwlMFNqol7i/IpSbjhqwqA=="
     },
     "jquery": {
       "version": "3.5.0",
@@ -8874,9 +8851,9 @@
       }
     },
     "moment": {
-      "version": "2.27.0",
-      "resolved": "https://registry.npmjs.org/moment/-/moment-2.27.0.tgz",
-      "integrity": "sha512-al0MUK7cpIcglMv3YF13qSgdAIqxHTO7brRtaz3DlSULbqfazqkc5kEjNrLDOM7fsjshoFIihnU8snrP7zUvhQ=="
+      "version": "2.29.4",
+      "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.4.tgz",
+      "integrity": "sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w=="
     },
     "moment-timezone": {
       "version": "0.5.31",
diff --git a/package.json b/package.json
index 76300526d7ec9..d4eb2efb96059 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
     "@nextcloud/initial-state": "^1.1.2",
     "@nextcloud/l10n": "^1.3.0",
     "@nextcloud/logger": "^1.1.2",
-    "@nextcloud/moment": "^1.1.1",
+    "@nextcloud/moment": "^1.2.1",
     "@nextcloud/password-confirmation": "^1.0.1",
     "@nextcloud/paths": "^1.1.2",
     "@nextcloud/router": "^1.1.0",
@@ -61,7 +61,7 @@
     "jstimezonedetect": "^1.0.7",
     "lodash": "^4.17.20",
     "marked": "^1.1.1",
-    "moment": "^2.27.0",
+    "moment": "^2.29.4",
     "moment-timezone": "^0.5.31",
     "nextcloud-vue-collections": "^0.8.1",
     "p-limit": "^3.0.2",