From 0f67568448b1b6dc1138780a1eeb6b05235e14ae Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Tue, 27 Nov 2018 17:07:22 +0100
Subject: [PATCH] [security] upgrade moment to fix CVE-2016-4055 and CVE-2017-18214
---
 CHANGELOG.md | 2 ++
 package.json | 4 ++--
 yarn.lock | 17 ++++++-----------
 3 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d1609bf6c..9021beeca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 - Updated angular.js to 1.6
 - Fix a security issue: dependency jQuery < 3.0.0 has a vulnerability as described in [CVE-2015-9251](https://nvd.nist.gov/vuln/detail/CVE-2015-9251)
+- Fix a security issue: dependency moment < 2.11.2 has a vulnerability as described in [CVE-2016-4055](https://nvd.nist.gov/vuln/detail/CVE-2016-4055)
+- Fix a security issue: dependency moment < 2.19.3 has a vulnerability as described in [CVE-2017-18214](https://nvd.nist.gov/vuln/detail/CVE-2017-18214)
 # v2.7.0 2018 November 27
diff --git a/package.json b/package.json
index 1a9638e75..9b5758c59 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
 "angular-loading-bar": "^0.9.0",
 "angular-medium-editor": "https://github.com/thijsw/angular-medium-editor.git#0.1.1",
 "angular-minicolors": "https://github.com/kaihenzler/angular-minicolors.git#0.0.5",
- "angular-moment": "0.10",
+ "angular-moment": "1.3",
 "angular-resource": "1.6",
 "angular-sanitize": "1.6",
 "angular-scroll": "0.6",
@@ -65,7 +65,7 @@
 "jquery-ui": "https://github.com/devongovett/jqueryui-npm.git#1.10.4",
 "medium-editor": "4.4.0",
 "messageformat": "0.1.8",
- "moment": "2.10.6",
+ "moment": "2.22",
 "moment-timezone": "0.5",
 "ng-caps-lock": "https://github.com/FabioMR/ng-caps-lock.git#1.0.3",
 "ng-fittext": "https://github.com/patrickmarabeas/ng-FitText.js.git#4.1.1",
diff --git a/yarn.lock b/yarn.lock
index f834ca40d..5fc1fa669 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -114,12 +114,12 @@ angular-loading-bar@^0.9.0:
 version "0.0.0"
 resolved "https://github.com/kaihenzler/angular-minicolors.git#0bf9edcb45eea49210e2f6355e24f162362eeb5a"
-angular-moment@0.10:
- version "0.10.3"
- resolved "https://registry.yarnpkg.com/angular-moment/-/angular-moment-0.10.3.tgz#63775c8e12f68fb353b8c80bc79db45689f8bf9d"
- integrity sha1-Y3dcjhL2j7NTuMgLx520Von4v50=
+angular-moment@1.3:
+ version "1.3.0"
+ resolved "https://registry.yarnpkg.com/angular-moment/-/angular-moment-1.3.0.tgz#f501f66b6fcc832d8d36f8905cc7a93123ab2af0"
+ integrity sha512-KG8rvO9MoaBLwtGnxTeUveSyNtrL+RNgGl1zqWN36+HDCCVGk2DGWOzqKWB6o+eTTbO3Opn4hupWKIElc8XETA==
 dependencies:
- moment ">=2.8.0 <2.11.0"
+ moment ">=2.8.0 <3.0.0"
 angular-resource@1.6:
 version "1.6.10"
@@ -1010,12 +1010,7 @@ moment-timezone@0.5:
 dependencies:
 moment ">= 2.9.0"
-moment@2.10.6, "moment@>=2.8.0 <2.11.0":
- version "2.10.6"
- resolved "https://registry.yarnpkg.com/moment/-/moment-2.10.6.tgz#6cb21967c79cba7b0ca5e66644f173662b3efa77"
- integrity sha1-bLIZZ8ecunsMpeZmRPFzZis++nc=
-
-"moment@>= 2.9.0", moment@>=2.5.0, moment@^2.5.0:
+moment@2.22, "moment@>= 2.9.0", moment@>=2.5.0, "moment@>=2.8.0 <3.0.0", moment@^2.5.0:
 version "2.22.2"
 resolved "https://registry.yarnpkg.com/moment/-/moment-2.22.2.tgz#3c257f9839fc0e93ff53149632239eb90783ff66"
 integrity sha1-PCV/mDn8DpP/UxSWMiOeuQeD/2Y=