[buddypress-trac] [BuddyPress Trac] #8766: moment.js is outdated and has CVEs
buddypress-trac
noreply at wordpress.org
Mon Nov 14 15:19:20 UTC 2022
#8766: moment.js is outdated and has CVEs
--------------------------+-----------------------------
Reporter: thomaslhotta | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Core | Version: 10.6.0
Severity: normal | Keywords:
--------------------------+-----------------------------
Hi
BuddyPress uses moment.js 2.15.1, which is quite a few years old (2016)
and has two CSVs (CVE-2017-18214, CVE-2022-24785). Both are node.js
related, so I do not think this is a security issue. But it might be good
to upgrade to at least 2.29.2 anyway, just to be safe.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8766>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list