Upgrade moment to 2.19.3 #304

alltouch · 2017-11-29T20:52:07Z

NSP check fails with Regular Expression Denial of Service error. Required moment upgrade to 2.19.3

The text was updated successfully, but these errors were encountered:

YasharF · 2017-12-16T03:58:47Z

Snyk report on vulnerability in Snyk: https://snyk.io/test/npm/twilio

The underlying moment vulnerability was disclosed on 05 Sep, 2017, and published on 28 Nov, 2017

cilindrox · 2017-12-18T16:00:19Z

Any updates on this?

jhdielman · 2017-12-18T16:59:35Z

@cilindrox @YasharF @alltouch There's an open PR to resolve this. Should be merged soon :)

YasharF · 2017-12-18T17:04:44Z

cilindrox · 2017-12-20T02:54:16Z

esetnik · 2018-01-14T23:10:20Z

I have the same issue. Any idea when this is expected to land in the next moment version?

kuryaki · 2018-01-22T14:58:03Z

Gonna add twilio to .nsprc ignore in the meantime

YasharF · 2018-01-23T03:28:59Z

Confirming that the issue is now resolved with the release of twilio@3.11.1 and the package is no longer being flagged by nsp.

childish-sambino closed this as completed Mar 12, 2019

Provide feedback