CVE-2022-31129 vulnerability for moment package in forest-express-mongoose

Hello @GuillaumeGautreau
We are getting vulnerability for moment version 2.9.2 in the latest forest-express-mongoose. Can you bump up the moment to version 2.9.4

Suggestion: Can you support minor instead of strict dependencies.

Hello @Vishnu_Gupta :wave:

I just opened a ticket on our issue tracker to update this version of moment. We will let you know once a new version is released with this security fix.

1 Like

Hey @Vishnu_Gupta :wave:

forest-express-mongoose@8.7.5 should embed the moment upgrade.

Let me know if that solves your issue :pray:

1 Like

@jeffladiray Thanks for the update