node-etl icon indicating copy to clipboard operation
node-etl copied to clipboard
verified publisher icon ZJONSSON

fix: removing moment to resolve path traversal vulnerability in moment dependency

Open derekaug opened this issue 3 years ago • 4 comments

Updates moment to version 2.29.2 to resolve this vulnerability.

derekaug avatar Apr 11 '22 18:04 derekaug

any tips on getting circleci to be able to pull from my fork?

derekaug avatar Apr 12 '22 14:04 derekaug

@ZJONSSON Any way I can support in getting this merged in? We are using unzipper and this appears to be a transitive dependency.

amarjandu avatar Oct 27 '23 19:10 amarjandu

I don't see moment being used, can we just remove?

ZJONSSON avatar May 27 '24 20:05 ZJONSSON

I don't see moment being used, can we just remove?

ooh, didn't even check that. went ahead and removed moment in the PR.

derekaug avatar May 28 '24 13:05 derekaug