CVE-2022-31129 vulnerability for moment package in forest-express-mongoose

Vishnu_Gupta · July 19, 2022, 3:34pm

Hello @GuillaumeGautreau
We are getting vulnerability for moment version 2.9.2 in the latest forest-express-mongoose. Can you bump up the moment to version 2.9.4

Suggestion: Can you support minor instead of strict dependencies.

jeffladiray · July 20, 2022, 6:49am

Hello @Vishnu_Gupta

I just opened a ticket on our issue tracker to update this version of moment. We will let you know once a new version is released with this security fix.

jeffladiray · July 25, 2022, 7:13am

Hey @Vishnu_Gupta

forest-express-mongoose@8.7.5 should embed the moment upgrade.

Let me know if that solves your issue

Vishnu_Gupta · July 26, 2022, 12:06pm

@jeffladiray Thanks for the update

Topic		Replies	Views
Need to patch vulnerable dependency packages Help me!	7	1207	April 25, 2022
Need to address high vulnerability inside lumber-forestadmin npm package Help me!	5	410	November 20, 2020
Forest cannot authenticate the user for this request Help me!	23	451	July 27, 2022
Forest cannot authenticate the user for this request after migrating to version 8 Help me!	3	235	June 24, 2022
Issues with development environment and editing layouts/creating teams Help me!	4	288	January 9, 2023

CVE-2022-31129 vulnerability for moment package in forest-express-mongoose

Related topics