Skip to content
This repository has been archived by the owner on Jun 18, 2019. It is now read-only.

Commit

Permalink
Update from moment 2.19.2
Browse files Browse the repository at this point in the history 
Moment is affected by CVE2017-18214 (DoS via crafted date string). Not only is it a dev dependency, sunder does not use this functionality and therefore shouldn't be affected. To avoid receiving and ignoring security notifications, version bump of concurrently is non-trivial and requires code changes. Overriding and bumping version of moment in `package.json` appears to be an easy fix.
  • Loading branch information
@emkll
emkll authored and Conor Schaefer committed Mar 6, 2018
1 parent 6a330b4 commit 2795f29
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 5 deletions.
11 changes: 6 additions & 5 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@
"minimist": "^1.2.0",
"mocha": "^3.3.0",
"mockery": "^1.6.2",
"moment": "^2.19.3",
"node-sass": "^3.4.2",
"nyc": "^10.3.0",
"react-addons-test-utils": "^15.0.0",
Expand Down

0 comments on commit 2795f29

Please sign in to comment.