Moment.js version Upgrade #6242
Closed
Bhaskara-Varma-D
started this conversation in
General
Replies: 1 comment
-
|
It's not pinned (moment@^2.29.4) and resolves to the latest minor release (2.30.1) when generating a fresh lock file. It's been updated in our releases at least since 5.0.0 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I noticed that the latest version of the Form.io library is using moment.js version 2.29.4, which has known security vulnerabilities flagged by various security scanning tools (e.g., Snyk, GitHub Advisory Database).
The latest version of Moment.js as of now is 2.30.1, which addresses some of these issues.
Would it be possible to consider upgrading to [email protected] in an upcoming release to reduce security risks and align with best practices?
I understand this may require regression testing but just wanted to bring it to your attention for review.
Thanks for your work on maintaining the project!
Beta Was this translation helpful? Give feedback.
All reactions