diff --git a/CHANGELOG.md b/CHANGELOG.md
index b85e8c438..33b43808a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@
 - Fix a bug: unable to generate statistics
 - Fix a bug: the automated test on statistics generation was not running
 - Fix a security issue: disable log4j format message lookup by default for new installations
+- Fix a security issue: updated omniauth to 1.9.2 to fix (CVE-2020-36599)[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36599]
+- Fix a security issue: updated moment-timezone to 0.5.35 to fix (GHSA-v78c-4p63-2j6c)[https://github.com/advisories/GHSA-v78c-4p63-2j6c] and (GHSA-56x4-j7p9-fcf9)[https://github.com/advisories/GHSA-56x4-j7p9-fcf9]
 - [TODO DEPLOY] `rails fablab:maintenance:regenerate_statistics[2022,07]`

 ## v5.4.16 2022 August 24
diff --git a/yarn.lock b/yarn.lock
index 82c4b0c6e..7a0ee5cfa 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5611,9 +5611,9 @@ mkdirp@^0.5.5: minimist "^1.2.5" moment-timezone@0.5: - version "0.5.34" - resolved "https://registry.yarnpkg.com/moment-timezone/-/moment-timezone-0.5.34.tgz#a75938f7476b88f155d3504a9343f7519d9a405c" - integrity sha512-3zAEHh2hKUs3EXLESx/wsgw6IQdusOT8Bxm3D9UrHPQR7zlMmzwybC8zHEM1tQ4LJwP7fcxrWr8tuBg05fFCbg== + version "0.5.35" + resolved "https://registry.yarnpkg.com/moment-timezone/-/moment-timezone-0.5.35.tgz#6fa2631bdbe8ff04f6b8753f7199516be6dc9839" + integrity sha512-cY/pBOEXepQvlgli06ttCTKcIf8cD1nmNwOKQQAdHBqYApQSpAqotBMX0RJZNgMp6i0PlZuf1mFtnlyEkwyvFw== dependencies: moment ">= 2.9.0"