CVE-2022-31129 vulnerability for moment package in forest-express-mongoose

Vishnu_Gupta · July 19, 2022, 3:34pm

Hello @GuillaumeGautreau
We are getting vulnerability for moment version 2.9.2 in the latest forest-express-mongoose. Can you bump up the moment to version 2.9.4

Suggestion: Can you support minor instead of strict dependencies.

anon39848301 · July 20, 2022, 6:49am

Hello @Vishnu_Gupta

I just opened a ticket on our issue tracker to update this version of moment. We will let you know once a new version is released with this security fix.

anon39848301 · July 25, 2022, 7:13am

Hey @Vishnu_Gupta

forest-express-mongoose@8.7.5 should embed the moment upgrade.

Let me know if that solves your issue

Vishnu_Gupta · July 26, 2022, 12:06pm

@anon39848301 Thanks for the update

Topic		Replies	Views
Moment.js conflict with time based chart in dashboard Help me!	4	590	December 3, 2020
Time-based charts Help me!	25	1341	October 27, 2020
Need to address high vulnerability inside lumber-forestadmin npm package Help me!	5	438	November 20, 2020
FA - Sequelize use forest-express@10.0.0 instead of forest-express@10.0.1 Help me!	1	228	December 6, 2022
Receiving "424 failed dependency" errors on forest-express-mongoose when upgraded to any of the v9 variants Help me! setup	2	424	November 29, 2022

CVE-2022-31129 vulnerability for moment package in forest-express-mongoose

Related topics