From af49c87265c8829df83bdf2810d5421506486545 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 7 Jul 2022 13:54:23 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MOMENT-2944238
---
 package-lock.json | 60 +++++++++++------------------------------------
 package.json      |  4 ++--
 2 files changed, 16 insertions(+), 48 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b2ace8a599a5e..c1261bc5aae9c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3016,53 +3016,21 @@
       }
     },
     "@nextcloud/moment": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@nextcloud/moment/-/moment-1.1.1.tgz",
-      "integrity": "sha512-lh7Xn9Ver12pLfE0rpjxE6x/ipscAV+7fw1u+7TJak1QR1T1UDRMZ9dA7z77W8mZH2C3yveTh/VEHZIflKBrng==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@nextcloud/moment/-/moment-1.2.1.tgz",
+      "integrity": "sha512-v/yfrZ4Jo8YM1v0DLXKjRLwKOhzE4Y6DcgyZAM1vJ5jOMvkHpICuTDJRw8oOtrr/1H6FqI6EMZcYogeGD+rwSA==",
       "requires": {
-        "@nextcloud/l10n": "1.2.0",
-        "core-js": "3.6.4",
+        "@nextcloud/l10n": "^1.4.1",
+        "core-js": "^3.21.1",
         "jed": "^1.1.1",
-        "moment": "2.24.0",
-        "node-gettext": "^2.0.0"
+        "moment": "^2.29.2",
+        "node-gettext": "^3.0.0"
       },
       "dependencies": {
-        "@nextcloud/l10n": {
-          "version": "1.2.0",
-          "resolved": "https://registry.npmjs.org/@nextcloud/l10n/-/l10n-1.2.0.tgz",
-          "integrity": "sha512-aPsVAewCYMNe2h0yse3Fj7LofvnvFPimojw24K47ip1+I1gawMIsQL+BYAnN8wzlcbsDTEc7I1FxtOh+8dHHIA==",
-          "requires": {
-            "core-js": "^3.6.4",
-            "node-gettext": "^3.0.0"
-          },
-          "dependencies": {
-            "node-gettext": {
-              "version": "3.0.0",
-              "resolved": "https://registry.npmjs.org/node-gettext/-/node-gettext-3.0.0.tgz",
-              "integrity": "sha512-/VRYibXmVoN6tnSAY2JWhNRhWYJ8Cd844jrZU/DwLVoI4vBI6ceYbd8i42sYZ9uOgDH3S7vslIKOWV/ZrT2YBA==",
-              "requires": {
-                "lodash.get": "^4.4.2"
-              }
-            }
-          }
-        },
         "core-js": {
-          "version": "3.6.4",
-          "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.6.4.tgz",
-          "integrity": "sha512-4paDGScNgZP2IXXilaffL9X7968RuvwlkK3xWtZRVqgd8SYNiVKRJvkFd1aqqEuPfN7E68ZHEp9hDj6lHj4Hyw=="
-        },
-        "moment": {
-          "version": "2.24.0",
-          "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz",
-          "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg=="
-        },
-        "node-gettext": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/node-gettext/-/node-gettext-2.1.0.tgz",
-          "integrity": "sha512-vsHImHl+Py0vB7M2UXcFEJ5NJ3950gcja45YclBFtYxYeZiqdfQdcu+G9s4L7jpRFSh/J/7VoS3upR4JM1nS+g==",
-          "requires": {
-            "lodash.get": "^4.4.2"
-          }
+          "version": "3.23.3",
+          "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.23.3.tgz",
+          "integrity": "sha512-oAKwkj9xcWNBAvGbT//WiCdOMpb9XQG92/Fe3ABFM/R16BsHgePG00mFOgKf7IsCtfj8tA1kHtf/VwErhriz5Q=="
         }
       }
     },
@@ -7776,7 +7744,7 @@
     "jed": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/jed/-/jed-1.1.1.tgz",
-      "integrity": "sha1-elSbvZ/+FYWwzQoZHiAwVb7ldLQ="
+      "integrity": "sha512-z35ZSEcXHxLW4yumw0dF6L464NT36vmx3wxJw8MDpraBcWuNVgUPZgPJKcu1HekNgwlMFNqol7i/IpSbjhqwqA=="
     },
     "jquery": {
       "version": "3.3.1",
@@ -8801,9 +8769,9 @@
       }
     },
     "moment": {
-      "version": "2.29.1",
-      "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.1.tgz",
-      "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ=="
+      "version": "2.29.4",
+      "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.4.tgz",
+      "integrity": "sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w=="
     },
     "moment-timezone": {
       "version": "0.5.33",
diff --git a/package.json b/package.json
index 41a7c4d0735b2..2df2355ae6ac9 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
     "@nextcloud/initial-state": "^1.2.0",
     "@nextcloud/l10n": "^1.4.1",
     "@nextcloud/logger": "^1.1.2",
-    "@nextcloud/moment": "^1.1.1",
+    "@nextcloud/moment": "^1.2.1",
     "@nextcloud/password-confirmation": "^1.0.1",
     "@nextcloud/paths": "^1.1.2",
     "@nextcloud/router": "^1.1.0",
@@ -62,7 +62,7 @@
     "jstimezonedetect": "^1.0.7",
     "lodash": "^4.17.20",
     "marked": "^1.2.8",
-    "moment": "^2.29.1",
+    "moment": "^2.29.4",
     "moment-timezone": "^0.5.33",
     "nextcloud-vue-collections": "^0.9.0",
     "p-limit": "^3.1.0",