From 47103b01ba45dbffd127533fc49fc9e498d670cd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 5 Apr 2022 17:15:35 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 --- package.json | 2 +- yarn.lock | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index a5fd7a1..9de1b3c 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "express": "^4.17.1", "express-mongo-db": "^2.0.4", "express-pino-logger": "^4.0.0", - "moment": "^2.24.0", + "moment": "^2.29.2", "mongodb": "^3.2.7", "passport": "^0.4.0", "passport-auth0": "^1.1.0", diff --git a/yarn.lock b/yarn.lock index 5bdb0e8..bd99eed 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1870,10 +1870,10 @@ mkdirp@^0.5.1: dependencies: minimist "0.0.8" -moment@^2.24.0: - version "2.24.0" - resolved "https://registry.yarnpkg.com/moment/-/moment-2.24.0.tgz#0d055d53f5052aa653c9f6eb68bb5d12bf5c2b5b" - integrity sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg== +moment@^2.29.2: + version "2.29.2" + resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.2.tgz#00910c60b20843bcba52d37d58c628b47b1f20e4" + integrity sha512-UgzG4rvxYpN15jgCmVJwac49h9ly9NurikMWGPdVxm8GZD6XjkKPxDTjQQ43gtGgnV3X0cAyWDdP2Wexoquifg== mongodb-core@2.1.20: version "2.1.20" @@ -2779,6 +2779,11 @@ slice-ansi@^2.1.0: astral-regex "^1.0.0" is-fullwidth-code-point "^2.0.0" +snyk@^1.316.1: + version "1.895.0" + resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.895.0.tgz#b2ba335d7ee68bf8b1b320c2ca9bc35b2fb09282" + integrity sha512-8/1P6Hx5aiDzTYKCC+yPg5ZhKf4gflodohaQc8/852ftUkCZ58UJopaYkiBTXbN51OTLRIK/TLGfPY0DpVUe+w== + sonic-boom@^0.7.5: version "0.7.5" resolved "https://registry.yarnpkg.com/sonic-boom/-/sonic-boom-0.7.5.tgz#b383d92cdaaa8e66d1f77bdec71b49806d01b5f1"