Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Moment Security Advisory #97

Closed
calmdev opened this issue Nov 30, 2017 · 3 comments
Assignees
Milestone

Comments

@calmdev
Copy link
Contributor

@calmdev calmdev commented Nov 30, 2017

I'm using node security platform and it's flagging the moment dependency:
https://nodesecurity.io/advisories/532

Moment@2.19.3 contains the patch. Are you willing to accept a pull request bumping the version? I'm not sure how you'd want this pinned in package file. Is there some other workaround maybe?

@calmdev

This comment has been minimized.

Copy link
Contributor Author

@calmdev calmdev commented Nov 30, 2017

Similar to a past issue #78

@arb

This comment has been minimized.

Copy link
Contributor

@arb arb commented Nov 30, 2017

Sure, I'd take a PR.

@calmdev

This comment has been minimized.

Copy link
Contributor Author

@calmdev calmdev commented Nov 30, 2017

Ok, how do you want it referenced in package file "moment": "2.19.x"?

@arb arb closed this in #98 Dec 5, 2017
@Marsup Marsup added this to the 6.4.1 milestone Dec 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.