New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update momentjs to address NSP 532 ReDoS advisory. #305
Conversation
Well I don't know why nsp on Travis is failing this for some versions. Looks fine otherwise. |
@philnash Tried updating jsonwebtoken and still failing. It looks like Travis is looking at the current version and seeing a vulnerability in moment still, but that's what we're trying to fix. |
The file |
@gregory-latinier Thanks! Apologies, I didn't even notice, been out of pocket for a while. My version of npm wasn't updating the |
44c3f24
to
fcaafcc
Compare
Sorry to be a nuisance, but what's holding this back from being merged? |
@yelworc No worries, not a nuisance at all. I'll look into this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 Thanks for the contribution
* Update momentjs to address NSP 532 ReDoS advisory. * Update nsp. * Update jsonwebtoken which removes joi -> moment@2.18.1 * Updating package-lock. * Set nsp to 2.8.0.
Description
Addresses recent NSP advisory regarding ReDoS vulnerability.
moment/moment@69ed9d4