Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

moment package upgraded to the latest version. #1004

Closed
wants to merge 3 commits into from
Closed

moment package upgraded to the latest version. #1004

wants to merge 3 commits into from

Conversation

MEGApixel23
Copy link
Contributor

No description provided.

@MEGApixel23
Update package.json
8ac17fe 
moment package upgraded to the latest version.
@MEGApixel23
Update package-lock.json
a8ad808 
moment package upgraded to the latest version.
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Sep 16, 2022
edited

CLA Signed

The committers listed above are authorized under a signed CLA.

@milakucher
Copy link

hi there!
any ideas when this can be merged? :)

@sergei-lobanov
Copy link

any updates on this?

@senthur-kumaran
Copy link

senthur-kumaran commented Jan 28, 2023
edited

Any update about this PR merge? Because this version upgrade fixes the vulnerability issue.

@gilmoreorless
Copy link
Member

Just to be clear, moment-timezone itself doesn't have a vulnerability. Automated tools are only complaining because its dependency on moment is accurately stating that it will work with any version from 2.9.0 onwards (as mentioned at #997 (comment)).

New installs of moment-timezone using npm or yarn should include the latest version of moment anyway. Existing vulnerable versions can easily be upgraded using npm audit fix or similar tools (e.g. npx yarn-deduplicate). Therefore it isn't critical to update the dependency definition in package.json — it's mostly just wanted to silence automated security tools.

@ichernev has stated a few times that he doesn't want to bump this dependency version (#991 (comment), #997 (comment), #979 (comment)). He's been part of the Moment team for a long time, so I generally defer to his judgement.

Personally though, I know just how irritating those automated security warnings can be, and they'll only continue to nag. As far as I know, the dependencies field in package.json really only affects people using package managers like npm, yarn, etc. It doesn't stop people from using a different version of moment if they want.

The documentation still says it can work with core Moment >= 2.9.0. I'm thinking we should probably just merge this, then revisit plans to move moment to peerDependencies instead.

@ichernev your thoughts?

gilmoreorless added a commit that referenced this pull request Feb 25, 2023
@gilmoreorless @MEGApixel23
Bump moment dependency to 2.29.4 (#1004)
8080504 
Moment Timezone still works with core Moment 2.9.0 and above. But security
auditing tools are continually complaining about old versions being brought in
via package managers. Bumping the dependency to the latest version should at
least silence the warnings, even if it's not semantically correct.

Co-authored-by: Igor Omelchenko <a@megapixel23.com>
@gilmoreorless
Copy link
Member

After some discussions outside GitHub, I've decided to go ahead with this dependency bump, and accelerate plans to use peerDependencies instead. There have been several dev dependency updates since this PR was created, causing conflicts. I've manually merged this change in 8080504, leaving @MEGApixel23 as co-author.

I'll try to get a new release of moment-timezone out soon because I want to decouple this version bump from any data updates. February is generally quiet for tzdb data updates, but March usually has at least one data update, so I'm expecting to need a separate data-based release sometime in the next month.

scudette pushed a commit to Velocidex/velociraptor that referenced this pull request Mar 19, 2023
@snyk-bot
[Snyk] Upgrade moment-timezone from 0.5.40 to 0.5.41 (#2553)
e757afb 
<h3>Snyk has created this PR to upgrade moment-timezone from 0.5.40 to
0.5.41.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-02-25.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
      <li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
      </li>
      <li>
<b>0.5.40</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.40">2022-12-11</a></br><ul>
<li>Updated data to IANA TZDB <code>2022g</code></li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/98d3add7187947f37046a316802dcdfe40ad306a">98d3add</a>
Build moment-timezone 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/78cf3ade7b138f1d464be79194680fc1a8a7e290">78cf3ad</a>
changelog: Add 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cd35dc6e3c806c91d46e7e6bc5039505f73052f3">cd35dc6</a>
Bump version to 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/76f5a75096026144f20c5e12adf325862e70e21c">76f5a75</a>
Re-number build tasks to match new running order</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/ace9a77b0d410509a6a8e92f21d1e4a15f8bce64">ace9a77</a>
Fix broken badges in README</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8080504d8e39739e82e99ab2a87c60de9cd8915d">8080504</a>
Bump moment dependency to 2.29.4 (#1004)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/61b14d67a4a479ae3f95892a8ae145f2b0ba9dfd">61b14d6</a>
Add deprecation warning to 2012-2022 pre-built files (#1036)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/fc2936973a0be8b8f84e856ca23ee8d17441170f">fc29369</a>
Bump remaining grunt-contrib packages</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c83479e54083f132dfc3455ef606794e291a37fe">c83479e</a>
tests: Fix guess tests for 2023</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/e501621297d7f992325bee5641f31c28a034addf">e501621</a>
Bump y18n from 4.0.0 to 4.0.3 (#1026)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/0a7b5ddb47a59a5cc4efbc5e344e33d786955bd8">0a7b5dd</a>
Bump shelljs and grunt-contrib-jshint (#1025)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/6078ad6921490bf05bc5b9e896bee63ef786d9d0">6078ad6</a>
Bump ejs and grunt-contrib-nodeunit (#1013)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/84e665aa330c182533f72f7d4af73094a06c532f">84e665a</a>
Bump qs from 6.5.2 to 6.5.3 (#1021)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/5bdbd1143db3d54eed69d6e2d9deb2e56dfe86c9">5bdbd11</a>
Bump minimatch from 3.0.4 to 3.0.8 (#1016)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8d1a6e1e0fe2e393ccf47f853ccd321aa1fa85b0">8d1a6e1</a>
Bump minimist, mkdirp and handlebars (#1012)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cfbbd5cd03fdde4374badc662db3b42158eeced9">cfbbd5c</a>
Bump json-schema and jsprim (#1011)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/36ccdd3659490ba59cc4ba86122b535aa3c81a5d">36ccdd3</a>
Bump async from 2.6.2 to 2.6.4 (#1010)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4b38e45977b9a8b36f7814aa3f6be93bf9fb488b">4b38e45</a>
Bump ajv from 6.10.0 to 6.12.6 (#1003)</li>
    </ul>

<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/d34de5593ddc0ccb7d4d73f3c7364e45cf28058a...98d3add7187947f37046a316802dcdfe40ad306a">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMWM1MzU0Yy0yNGZkLTQwNzMtYWQzNS1lMTgzYjJmY2MwMjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYxYzUzNTRjLTI0ZmQtNDA3My1hZDM1LWUxODNiMmZjYzAyNCJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg&#x3D;moment-timezone&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","prPublicId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","dependencies":[{"name":"moment-timezone","from":"0.5.40","to":"0.5.41"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-02-25T07:02:31.672Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
scudette pushed a commit to Velocidex/velociraptor that referenced this pull request Mar 20, 2023
@snyk-bot @scudette
[Snyk] Upgrade moment-timezone from 0.5.40 to 0.5.41 (#2553)
91ed8d2 
<h3>Snyk has created this PR to upgrade moment-timezone from 0.5.40 to
0.5.41.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-02-25.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
      <li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
      </li>
      <li>
<b>0.5.40</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.40">2022-12-11</a></br><ul>
<li>Updated data to IANA TZDB <code>2022g</code></li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/98d3add7187947f37046a316802dcdfe40ad306a">98d3add</a>
Build moment-timezone 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/78cf3ade7b138f1d464be79194680fc1a8a7e290">78cf3ad</a>
changelog: Add 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cd35dc6e3c806c91d46e7e6bc5039505f73052f3">cd35dc6</a>
Bump version to 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/76f5a75096026144f20c5e12adf325862e70e21c">76f5a75</a>
Re-number build tasks to match new running order</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/ace9a77b0d410509a6a8e92f21d1e4a15f8bce64">ace9a77</a>
Fix broken badges in README</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8080504d8e39739e82e99ab2a87c60de9cd8915d">8080504</a>
Bump moment dependency to 2.29.4 (#1004)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/61b14d67a4a479ae3f95892a8ae145f2b0ba9dfd">61b14d6</a>
Add deprecation warning to 2012-2022 pre-built files (#1036)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/fc2936973a0be8b8f84e856ca23ee8d17441170f">fc29369</a>
Bump remaining grunt-contrib packages</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c83479e54083f132dfc3455ef606794e291a37fe">c83479e</a>
tests: Fix guess tests for 2023</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/e501621297d7f992325bee5641f31c28a034addf">e501621</a>
Bump y18n from 4.0.0 to 4.0.3 (#1026)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/0a7b5ddb47a59a5cc4efbc5e344e33d786955bd8">0a7b5dd</a>
Bump shelljs and grunt-contrib-jshint (#1025)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/6078ad6921490bf05bc5b9e896bee63ef786d9d0">6078ad6</a>
Bump ejs and grunt-contrib-nodeunit (#1013)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/84e665aa330c182533f72f7d4af73094a06c532f">84e665a</a>
Bump qs from 6.5.2 to 6.5.3 (#1021)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/5bdbd1143db3d54eed69d6e2d9deb2e56dfe86c9">5bdbd11</a>
Bump minimatch from 3.0.4 to 3.0.8 (#1016)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8d1a6e1e0fe2e393ccf47f853ccd321aa1fa85b0">8d1a6e1</a>
Bump minimist, mkdirp and handlebars (#1012)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cfbbd5cd03fdde4374badc662db3b42158eeced9">cfbbd5c</a>
Bump json-schema and jsprim (#1011)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/36ccdd3659490ba59cc4ba86122b535aa3c81a5d">36ccdd3</a>
Bump async from 2.6.2 to 2.6.4 (#1010)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4b38e45977b9a8b36f7814aa3f6be93bf9fb488b">4b38e45</a>
Bump ajv from 6.10.0 to 6.12.6 (#1003)</li>
    </ul>

<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/d34de5593ddc0ccb7d4d73f3c7364e45cf28058a...98d3add7187947f37046a316802dcdfe40ad306a">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMWM1MzU0Yy0yNGZkLTQwNzMtYWQzNS1lMTgzYjJmY2MwMjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYxYzUzNTRjLTI0ZmQtNDA3My1hZDM1LWUxODNiMmZjYzAyNCJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg&#x3D;moment-timezone&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","prPublicId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","dependencies":[{"name":"moment-timezone","from":"0.5.40","to":"0.5.41"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-02-25T07:02:31.672Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
scudette pushed a commit to Velocidex/velociraptor that referenced this pull request Mar 20, 2023
@snyk-bot @scudette
[Snyk] Upgrade moment-timezone from 0.5.40 to 0.5.41 (#2553)
b6fea7d 
<h3>Snyk has created this PR to upgrade moment-timezone from 0.5.40 to
0.5.41.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-02-25.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
      <li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
      </li>
      <li>
<b>0.5.40</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.40">2022-12-11</a></br><ul>
<li>Updated data to IANA TZDB <code>2022g</code></li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/98d3add7187947f37046a316802dcdfe40ad306a">98d3add</a>
Build moment-timezone 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/78cf3ade7b138f1d464be79194680fc1a8a7e290">78cf3ad</a>
changelog: Add 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cd35dc6e3c806c91d46e7e6bc5039505f73052f3">cd35dc6</a>
Bump version to 0.5.41</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/76f5a75096026144f20c5e12adf325862e70e21c">76f5a75</a>
Re-number build tasks to match new running order</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/ace9a77b0d410509a6a8e92f21d1e4a15f8bce64">ace9a77</a>
Fix broken badges in README</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8080504d8e39739e82e99ab2a87c60de9cd8915d">8080504</a>
Bump moment dependency to 2.29.4 (#1004)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/61b14d67a4a479ae3f95892a8ae145f2b0ba9dfd">61b14d6</a>
Add deprecation warning to 2012-2022 pre-built files (#1036)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/fc2936973a0be8b8f84e856ca23ee8d17441170f">fc29369</a>
Bump remaining grunt-contrib packages</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c83479e54083f132dfc3455ef606794e291a37fe">c83479e</a>
tests: Fix guess tests for 2023</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/e501621297d7f992325bee5641f31c28a034addf">e501621</a>
Bump y18n from 4.0.0 to 4.0.3 (#1026)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/0a7b5ddb47a59a5cc4efbc5e344e33d786955bd8">0a7b5dd</a>
Bump shelljs and grunt-contrib-jshint (#1025)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/6078ad6921490bf05bc5b9e896bee63ef786d9d0">6078ad6</a>
Bump ejs and grunt-contrib-nodeunit (#1013)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/84e665aa330c182533f72f7d4af73094a06c532f">84e665a</a>
Bump qs from 6.5.2 to 6.5.3 (#1021)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/5bdbd1143db3d54eed69d6e2d9deb2e56dfe86c9">5bdbd11</a>
Bump minimatch from 3.0.4 to 3.0.8 (#1016)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/8d1a6e1e0fe2e393ccf47f853ccd321aa1fa85b0">8d1a6e1</a>
Bump minimist, mkdirp and handlebars (#1012)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/cfbbd5cd03fdde4374badc662db3b42158eeced9">cfbbd5c</a>
Bump json-schema and jsprim (#1011)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/36ccdd3659490ba59cc4ba86122b535aa3c81a5d">36ccdd3</a>
Bump async from 2.6.2 to 2.6.4 (#1010)</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4b38e45977b9a8b36f7814aa3f6be93bf9fb488b">4b38e45</a>
Bump ajv from 6.10.0 to 6.12.6 (#1003)</li>
    </ul>

<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/d34de5593ddc0ccb7d4d73f3c7364e45cf28058a...98d3add7187947f37046a316802dcdfe40ad306a">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMWM1MzU0Yy0yNGZkLTQwNzMtYWQzNS1lMTgzYjJmY2MwMjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYxYzUzNTRjLTI0ZmQtNDA3My1hZDM1LWUxODNiMmZjYzAyNCJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg&#x3D;moment-timezone&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","prPublicId":"f1c5354c-24fd-4073-ad35-e183b2fcc024","dependencies":[{"name":"moment-timezone","from":"0.5.40","to":"0.5.41"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-02-25T07:02:31.672Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
scudette added a commit to Velocidex/velociraptor that referenced this pull request Apr 18, 2023
@scudette @snyk-bot
[Snyk] Upgrade moment-timezone from 0.5.41 to 0.5.42 (#2627)
4719b24 
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br /><h3>Snyk has created this PR to upgrade
moment-timezone from 0.5.41 to 0.5.42.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-03-24.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
      <li>
<b>0.5.42</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.42">2023-03-24</a></br><ul>
<li>Updated data to IANA TZDB <code>2023b</code></li>
</ul>
      </li>
      <li>
<b>0.5.41</b> - <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases/tag/0.5.41">2023-02-25</a></br><ul>
<li>Updated <code>moment</code> npm dependency to <code>2.29.4</code> to
remove automated warnings about insecure dependencies <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="1376195089" data-permission-text="Title is private"
data-url="moment/moment-timezone#1004"
data-hovercard-type="pull_request"
data-hovercard-url="/moment/moment-timezone/pull/1004/hovercard"
href="https://snyk.io/redirect/github/moment/moment-timezone/pull/1004">#1004</a>.<br>
Moment Timezone still works with core Moment <code>2.9.0</code> and
higher.</li>
<li>Updated all dev dependencies including UglifyJS, which produces the
minified builds.</li>
<li>Added deprecation warning to the pre-built
<code>moment-timezone-with-data-2012-2022</code> bundles <a
href="https://snyk.io/redirect/github/moment/moment-timezone/issues/1035"
data-hovercard-type="issue"
data-hovercard-url="/moment/moment-timezone/issues/1035/hovercard">#1035</a>.<br>
Use the rolling <code>moment-timezone-with-data-10-year-range</code>
files instead.</li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/moment/moment-timezone/releases">moment-timezone
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>moment-timezone</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/81ce2526c0793454dd00f89c67531aeb30469319">81ce252</a>
Bump version in moment-timezone-utils.js</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/4116a04b868e63097c26a286df20e5a336e2761a">4116a04</a>
Build moment-timezone 0.5.42</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c4a1ce146bb5a6600feac45732a569b1ef46e9bf">c4a1ce1</a>
changelog: Add 0.5.42</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/d702a49b9ce417daf17effb6ea341bc868e0b444">d702a49</a>
Bump version to 0.5.42</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/c008188c8271a37cfbd966a9229d21e7454fc906">c008188</a>
Merge pull request #1047 from moment/data/2023b</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/f094113486206d767cb1c5535444f96948d760d2">f094113</a>
tests: Fix country tests for 2023b</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/81e6c8132d793930c331665ee858feca68171121">81e6c81</a>
data: Add 2023b</li>
<li><a
href="https://snyk.io/redirect/github/moment/moment-timezone/commit/a8d0fa1807986d6789d1c7d4dbe3cbdef69affb1">a8d0fa1</a>
Bump json5 via npm audit fix</li>
    </ul>

<a
href="https://snyk.io/redirect/github/moment/moment-timezone/compare/98d3add7187947f37046a316802dcdfe40ad306a...81ce2526c0793454dd00f89c67531aeb30469319">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkYzhhNzM2Ny1jNDJkLTRkOGEtOGNlMS1iNjZmMjUwNjVkMjMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImRjOGE3MzY3LWM0MmQtNGQ4YS04Y2UxLWI2NmYyNTA2NWQyMyJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4/settings/integration?pkg&#x3D;moment-timezone&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"dc8a7367-c42d-4d8a-8ce1-b66f25065d23","prPublicId":"dc8a7367-c42d-4d8a-8ce1-b66f25065d23","dependencies":[{"name":"moment-timezone","from":"0.5.41","to":"0.5.42"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"76f4d127-566b-42ef-86f4-bdcbc92b90b4","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-03-24T06:33:21.236Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ranjithprabhuk ranjithprabhuk ranjithprabhuk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@MEGApixel23 @milakucher @sergei-lobanov @senthur-kumaran @gilmoreorless @ranjithprabhuk