From b56a6fa21dcc49075ef9cfb9452c61378a65b6f6 Mon Sep 17 00:00:00 2001 From: Uri Shaked Date: Wed, 11 Apr 2018 23:53:14 +0300 Subject: [PATCH] fix #190: update momentjs version the current version seems to be prone to a regular expression denial of service attack: https://nvd.nist.gov/vuln/detail/CVE-2017-18214 --- package.json | 2 +- yarn.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index cf44a75..805baef 100644 --- a/package.json +++ b/package.json @@ -92,7 +92,7 @@ "@angular/core": ">=2.0.0 <6.0.0" }, "dependencies": { - "moment": "^2.16.0" + "moment": "^2.19.3" }, "devDependencies": { "@angular/common": "2.4.10", diff --git a/yarn.lock b/yarn.lock index d158616..3e40164 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1794,9 +1794,9 @@ minimist@~0.0.1: dependencies: minimist "0.0.8" -moment@^2.16.0: - version "2.20.1" - resolved "https://registry.yarnpkg.com/moment/-/moment-2.20.1.tgz#d6eb1a46cbcc14a2b2f9434112c1ff8907f313fd" +moment@^2.19.3: + version "2.22.0" + resolved "https://registry.yarnpkg.com/moment/-/moment-2.22.0.tgz#7921ade01017dd45186e7fee5f424f0b8663a730" ms@2.0.0: version "2.0.0"