
Vulnerability scan results caused by transitive dependencies

Open rrlapointe opened this issue 7 months ago • 0 comments

This package depends on eonasdan-bootstrap-datetimepicker version 4.17.49 which depends on bootstrap version 3.4.1 and moment-timezone version 0.4.1. These transitive dependencies have vulnerabilities, which is causing vulnerability scan results for my project which uses django-bootstrap-datepicker-plus.

The vulnerabilities are:

  • https://github.com/advisories/GHSA-9mvj-f7w8-pvh2 (bootstrap)
  • https://github.com/advisories/GHSA-v78c-4p63-2j6c (moment-timezone)

It's possible that eonasdan-bootstrap-datetimepicker does not use these dependencies in a vulnerable manner, but it would be nice to update the dependencies of django-bootstrap-datepicker-plus to fix these vulnerability scan results.

rrlapointe avatar May 07 '25 17:05 rrlapointe
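As an added illustration (not code from this issue or from the django-bootstrap-datepicker-plus project), the following Python walks a dependency graph built from the versions named above and reports every path that ends at an advisory-listed package version, which is what a scanner attributes to the project. The root project name, its `0.0.0` version and the `x.y.z` version of django-bootstrap-datepicker-plus are placeholders; the advisory identifiers and the other versions are the ones the issue names.

```python
# Added example: attribute vulnerability-scan findings to the direct dependency
# that transitively pulls in the flagged package. Graph and advisory table are
# constructed from the issue text; placeholders are marked as such.

# Constructed dependency graph: package -> (pinned version, direct dependencies).
DEPENDENCY_GRAPH = {
    "my-project": ("0.0.0", ["django-bootstrap-datepicker-plus"]),      # placeholder root
    "django-bootstrap-datepicker-plus": ("x.y.z", ["eonasdan-bootstrap-datetimepicker"]),  # version unknown
    "eonasdan-bootstrap-datetimepicker": ("4.17.49", ["bootstrap", "moment-timezone"]),
    "bootstrap": ("3.4.1", []),
    "moment-timezone": ("0.4.1", []),
}

# Advisory identifiers from the issue, keyed by the (package, version) pair the
# issue names. The full affected ranges are in the advisories themselves; only
# the versions quoted in the issue are encoded here.
ADVISORIES = {
    ("bootstrap", "3.4.1"): "GHSA-9mvj-f7w8-pvh2",
    ("moment-timezone", "0.4.1"): "GHSA-v78c-4p63-2j6c",
}


def find_advisory_paths(graph, advisories, root):
    """Return (advisory_id, path) for every dependency path from `root` to a
    package whose pinned version has an advisory. Each path is a list of
    "name@version" strings, so the maintainer can see which direct dependency
    is responsible for the scan result."""
    findings = []

    def walk(name, path):
        version, deps = graph[name]
        node = f"{name}@{version}"
        if node in path:            # guard against cyclic dependency declarations
            return
        current = path + [node]
        advisory = advisories.get((name, version))
        if advisory:
            findings.append((advisory, current))
        for dep in deps:
            if dep in graph:        # skip packages the lockfile does not resolve
                walk(dep, current)

    walk(root, [])
    return findings


def direct_dependencies_to_update(findings):
    """Collapse findings to the direct dependencies (second path element) whose
    transitive closure carries the advisories; these are what gets bumped."""
    return sorted({path[1] for _, path in findings if len(path) > 1})


if __name__ == "__main__":
    for advisory, path in find_advisory_paths(DEPENDENCY_GRAPH, ADVISORIES, "my-project"):
        print(advisory, " -> ".join(path))
```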