Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade luxon from 3.1.0 to 3.3.0 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade luxon from 3.1.0 to 3.3.0 #7

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade luxon from 3.1.0 to 3.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2023-03-04.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LUXON-3225081		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: luxon from luxon GitHub release notes
Commit messages
Package name: luxon
  • 88959de bump to 3.3.0
  • 8d48a70 fix space character in tests for node 19
  • f8ad684 zones.md assign to defaultZoneName (#1264)
  • 5573a2e fix notes for quarter workaround (#1265)
  • 33f7957 Fix Interval#count counting the endpoint as part of the interval (#1308)
  • 304bddc Update docs on react native android support (#1367)
  • c9f75ec Custom zone formatting support (#1377)
  • 5628d48 Add toUnixInteger() to the formatting documentation. (#1379)
  • 0c50b70 Fix support for Node.js 18.13+ (#1369)
  • c5a6b0a Handle dates in year 99 rolling over into year 100 behaving as if year 100 was a leap year (#1390)
  • e781052 allow parsing of just an offset
  • c12e5dc bump to 3.2.1
  • 5ab3bf6 fix rfc2822 regex
  • 806467a preserve language tags (#1354)
  • acc4952 bump dev dependencies
  • c8f7191 bump to 3.2.0
  • f9917c4 clarify equality docstring
  • a6f2737 allow timeZone to be specified as an intl option
  • f8285c7 find diff by duration hash instead of using repeated addition to cursor (#1340)
  • d607d8f remove extra param from tokenForPart
  • 7e5d24d Add Interval.toLocaleString() (#1320)
  • 545ace5 bump to 3.1.1
  • 3858a2a Fix tests (#1336)
  • d6ea633 Add Settings.twoDigitCutoffYear to configure parsing 'yy' token. (#1330)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot