You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our package-lock.json shows that in our dependency tree we depend on moment@2.19.1 however this version of moment has a known vulnerability as described moment/moment#4163
The packages depending on moment are those that botkit depends on specifically:
chrono-node
ink-docstrap
joi
Updating the version of botkit that we depend on could fix this but we might have to create issues under those specific packages.
Patch our dependency graph in regards to https://nvd.nist.gov/vuln/detail/CVE-2017-18214
Our package-lock.json shows that in our dependency tree we depend on moment@2.19.1 however this version of moment has a known vulnerability as described moment/moment#4163
The packages depending on moment are those that botkit depends on specifically:
Updating the version of botkit that we depend on could fix this but we might have to create issues under those specific packages.
Output from
npm outdated
currently is:The text was updated successfully, but these errors were encountered: