From dc2a446ed8454195531acfb797026e0789116311 Mon Sep 17 00:00:00 2001 From: Mayank Kunwar Date: Tue, 30 Jul 2024 15:28:42 +0530 Subject: [PATCH] TEZ-4573: Upgrade momentjs to 2.29.4 due to CVE-2022-24785, CVE-2022-31129 and CVE-2017-18214 --- tez-ui/src/main/webapp/bower-shrinkwrap.json | 2 +- tez-ui/src/main/webapp/bower.json | 2 +- tez-ui/src/main/webapp/yarn.lock | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tez-ui/src/main/webapp/bower-shrinkwrap.json b/tez-ui/src/main/webapp/bower-shrinkwrap.json index c8c506edce..0fb0a7c899 100644 --- a/tez-ui/src/main/webapp/bower-shrinkwrap.json +++ b/tez-ui/src/main/webapp/bower-shrinkwrap.json @@ -48,7 +48,7 @@ "0.5.0": "74a2e9378ecf4a31a168f3049f086565c8d66814" }, "https://github.com/moment/moment.git": { - "2.12.0": "d3d7488b4d60632854181cb0a9af325d57fb3d51" + "2.29.4": "000ac1800e620f770f4eb31b5ae908f6167b0ab2" }, "https://github.com/rwjblue/ember-qunit-builds.git": { "0.4.16": "142c4066a5458bef9dfcb92b70152b9c01d79188" diff --git a/tez-ui/src/main/webapp/bower.json b/tez-ui/src/main/webapp/bower.json index fb0498f11e..ff939fd401 100644 --- a/tez-ui/src/main/webapp/bower.json +++ b/tez-ui/src/main/webapp/bower.json @@ -16,7 +16,7 @@ "font-awesome": "4.5.0", "jquery": "2.1.4", "jquery-ui": "1.11.4", - "moment": "2.12.0", + "moment": "2.29.4", "moment-timezone": "0.5.0", "numeral": "1.5.3", "snippet-ss": "1.11.0", diff --git a/tez-ui/src/main/webapp/yarn.lock b/tez-ui/src/main/webapp/yarn.lock index 2895c46f55..7df8ea0a57 100644 --- a/tez-ui/src/main/webapp/yarn.lock +++ b/tez-ui/src/main/webapp/yarn.lock @@ -3253,11 +3253,11 @@ moment-timezone@^0.3.0: version "0.3.1" resolved "https://registry.yarnpkg.com/moment-timezone/-/moment-timezone-0.3.1.tgz#3ef47856b02d53b718a10a5ec2023aa299e07bf5" dependencies: - moment ">= 2.6.0" + moment ">= 2.29.4" -"moment@>= 2.6.0": - version "2.18.1" - resolved "https://registry.yarnpkg.com/moment/-/moment-2.18.1.tgz#c36193dd3ce1c2eed2adb7c802dbbc77a81b1c0f" +"moment@>= 2.29.4": + version "2.29.4" + resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108" morgan@^1.5.2: version "1.8.1"