Skip to content

Comments

[Snyk] Upgrade luxon from 2.3.1 to 2.5.2#3

Open
snyk-bot wants to merge 1 commit intomainfrom
snyk-upgrade-3c433ce6cd4a59b442dde436e98f250d
Open

[Snyk] Upgrade luxon from 2.3.1 to 2.5.2#3
snyk-bot wants to merge 1 commit intomainfrom
snyk-upgrade-3c433ce6cd4a59b442dde436e98f250d

Conversation

@snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Mar 5, 2023

Snyk has created this PR to upgrade luxon from 2.3.1 to 2.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2023-01-04.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LUXON-3225081		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: luxon
  • 2.5.2 - 2023-01-04

    fix rfc2822 regex & bump to 2.5.2

  • 2.5.1 - 2023-01-04

    fix rfc2822 regex

  • 2.5.0 - 2022-07-09
  • 2.4.0 - 2022-05-09
  • 2.3.2 - 2022-04-17
  • 2.3.1 - 2022-02-23
from luxon GitHub release notes
Commit messages
Package name: luxon
  • 204cdfe fix rfc2822 regex & bump to 2.5.2
  • 4817697 bump to 2.5.0
  • 00f1d72 fix changelog
  • eebc657 Add support for ESM-style node imports (#1218)
  • f1c181c Update why.md (#1211)
  • 4332730 mention escaping behavior in Duration.toFormat docstring (#1221)
  • 7b4a9d0 Bump parse-url from 6.0.0 to 6.0.2 (#1230)
  • 60c83c7 Fix link to duration months (#1232)
  • c7e606b Wednesday support for RFC 850 (#1225)
  • 6b47f20 fix luxon path in api-docs script (#1214)
  • bf7127d Increase number of allowed digits when parsing ISO duration (#1213)
  • 3ad1479 bump to 2.4.0
  • abe9bdf --amend
  • 2ee261b add support for extended zones
  • fd77159 Update math.md (#1180)
  • c19b4d8 fix bug 908 isInDST() incorrect (#1199)
  • 0f7c0e0 fix: change NBSP regex to a non-matching group #1169 (#1194)
  • 5d1cfe4 doc: add more common examples (#1192)
  • aa6ab8b Bump minimist from 1.2.5 to 1.2.6 (#1177)
  • 03b5da4 bump to 2.3.2
  • 0439ad2 fix tz calculations for negative years
  • a73654f Minor corrections (#1171)
  • 5303220 feat: add week formatting token "w" for duration (#1173)
  • 9012b64 fix weekday computation for years 0-100

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot