Moment library update, adapt to the changes in Moment's parsing of dates #9381
Comments
Hi @dariapimenovaleanix, thank you for the notification. We also got the PR from SNYK #9376. I will notify you as soon as we update this topic.
@AMBudnik thank you!
We will deal with upgrading the dependency shortly. Let me assure you that this vulnerability does not affect Handsontable when it is used, as intended, in a web browser. Anyway, we should upgrade the dependency to silence the vulnerability alerts.
We are tracking a solution in the PR #9382, but we need to take into account some changes in
Hi @dariapimenovaleanix, we just released Handsontable v12 where we bumped the version of moment.js
Description
handsontable is currently using moment library of the version 2.24.0.
Affected versions of this package are vulnerable to Directory Traversal when a user provides a locale string which is directly used to switch moment locale.
Link to the known vulnerability in Snyk: https://security.snyk.io/vuln/SNYK-JS-MOMENT-2440688
How to fix
Upgrade moment to version 2.29.2 or higher.
Your environment
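The issue description above concerns a user-provided locale string that is used directly to switch the moment locale. As an added example (not code from Handsontable or Moment), here is one application-side check that maps such input onto an allowlist before it reaches `moment.locale()`; `resolveLocale`, `SUPPORTED_LOCALES` and the locale list are hypothetical names and constructed values.

```javascript
// Added example, not Handsontable or Moment code.
// SUPPORTED_LOCALES is a constructed list; use the locales your app actually ships.
const SUPPORTED_LOCALES = new Set(['en', 'en-gb', 'de', 'fr', 'pt-br']);
const DEFAULT_LOCALE = 'en';

// Accept only "language[-subtag[-subtag]]" made of letters and digits.
// Path separators, dots, NUL bytes and whitespace can never match.
const LOCALE_SHAPE = /^[a-z]{2,3}(?:-[a-z0-9]{2,8}){0,2}$/;

function resolveLocale(input, supported = SUPPORTED_LOCALES, fallback = DEFAULT_LOCALE) {
  // Reject non-strings (arrays, objects from query parsers) and oversized input.
  if (typeof input !== 'string' || input.length > 35) return fallback;

  // Normalise the common "en_GB" / "en-GB" spellings to "en-gb".
  const tag = input.trim().toLowerCase().replace(/_/g, '-');
  if (!LOCALE_SHAPE.test(tag)) return fallback;

  // Try the most specific tag first, then drop trailing subtags ("de-at" -> "de").
  const parts = tag.split('-');
  while (parts.length > 0) {
    const candidate = parts.join('-');
    if (supported.has(candidate)) return candidate;
    parts.pop();
  }
  return fallback;
}

// Intended use (assumes moment is installed and userLocale is untrusted input):
//   moment.locale(resolveLocale(userLocale));
```

The value returned is always a member of the allowlist or the fallback, so the untrusted string itself is never handed to the locale switch.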