From ba0bf3fb6e99a9ee5c41149a0863bdb671218eeb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 7 Jul 2022 13:12:51 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOMENT-2944238 --- package.json | 2 +- yarn.lock | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index a5fd7a1..17034a3 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "express": "^4.17.1", "express-mongo-db": "^2.0.4", "express-pino-logger": "^4.0.0", - "moment": "^2.24.0", + "moment": "^2.29.4", "mongodb": "^3.2.7", "passport": "^0.4.0", "passport-auth0": "^1.1.0", diff --git a/yarn.lock b/yarn.lock index 5bdb0e8..c8ab01f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1870,10 +1870,10 @@ mkdirp@^0.5.1: dependencies: minimist "0.0.8" -moment@^2.24.0: - version "2.24.0" - resolved "https://registry.yarnpkg.com/moment/-/moment-2.24.0.tgz#0d055d53f5052aa653c9f6eb68bb5d12bf5c2b5b" - integrity sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg== +moment@^2.29.4: + version "2.29.4" + resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108" + integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w== mongodb-core@2.1.20: version "2.1.20" @@ -2779,6 +2779,11 @@ slice-ansi@^2.1.0: astral-regex "^1.0.0" is-fullwidth-code-point "^2.0.0" +snyk@^1.316.1: + version "1.965.0" + resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.965.0.tgz#2214a7f4e865f12c5a4819db67ae0f4587b05d7d" + integrity sha512-ymkqOhWDqaPYrLBtKTpqdVimyFVJ8XeUxmj70WuiCUX/u6cmg3MXVkZE65LMga2TGcLPf87p7HN90u2uVRyk7A== + sonic-boom@^0.7.5: version "0.7.5" resolved "https://registry.yarnpkg.com/sonic-boom/-/sonic-boom-0.7.5.tgz#b383d92cdaaa8e66d1f77bdec71b49806d01b5f1"