You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
WhiteSource (which detects open source libraries with security or compliance issues) alerts an security vulnerability of moment.js.
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
I know minify is using it in only tests and benchmarktools but it seems better to update this library.
Thank you in advance.
The text was updated successfully, but these errors were encountered:
Thanks for the issue! The truth is that the JS code is purely used for benchmarking and is never executed (the minifiers don't execute JS). To maintain the benchmark results comparable with the past, it is necessary to maintain the samples as they are. In this case there is no security risk so it shouldn't matter. Thank you in any case for mentioning!
WhiteSource (which detects open source libraries with security or compliance issues) alerts an security vulnerability of moment.js.
I know minify is using it in only tests and benchmarktools but it seems better to update this library.
Thank you in advance.
The text was updated successfully, but these errors were encountered: