diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ef46cf93..6d5212907 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 - Fix a bug: Event reservation calendar encoding in mail
 - Fix a bug: Missing of description of PlanCategory migration
 - Fix a bug: Unable to create plans for all group
+- Fix a security issue: updated moment.js to 2.29.2. to fix [CVE-2022-24785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24785)
 
 ## v5.4.0 2022 May 12
 
diff --git a/yarn.lock b/yarn.lock
index 61dff2d7f..80b5da2da 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5517,9 +5517,9 @@ moment-timezone@0.5:
     moment ">= 2.9.0"
 
 moment@2.29, "moment@>= 2.9.0", "moment@>=2.8.0 <3.0.0":
-  version "2.29.1"
-  resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz#b2be769fa31940be9eeea6469c075e35006fa3d3"
-  integrity sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==
+  version "2.29.2"
+  resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.2.tgz#00910c60b20843bcba52d37d58c628b47b1f20e4"
+  integrity sha512-UgzG4rvxYpN15jgCmVJwac49h9ly9NurikMWGPdVxm8GZD6XjkKPxDTjQQ43gtGgnV3X0cAyWDdP2Wexoquifg==
 
 ms@2.0.0:
   version "2.0.0"