date-and-time library security vulernability

Question

date-and-time library security vulernability

buildscientist opened this issue 3 years ago · 3 comments

Running v5.0.3 of Bulma-Calendar but this issue is still relevant to the latest release version and code base in master.

This library is using v0.6.3 of the date-and-time library which has a security vulnerability. See npm advisory 1592 for more details.

Answer 1 · 2021-04-15T13:49:26.000Z

FYI - for someone who is looking to resolve this issue you can use npm-force-resolutions to force bulma-calendar to use v0.14.2 or above of the date-and-time library.

Answer 2 · 2021-04-21T12:39:32.000Z

Updated Library on 0.14.2

Answer 3 · 2021-04-21T12:42:01.000Z

@michael-hack Thank you!