Open
Description
Intended outcome:
Installing the package apollo v2.34.0 should be "safe". A new package should be published containing the patched version of moment.
Actual outcome:
Apollo v2.34.0 contains moment v2.29.3 as a dependency, which reports the following vulnerability:
├─ moment: 2.29.3
│ ├─ Issue: Moment.js vulnerable to Inefficient Regular Expression Complexity
│ ├─ URL: https://github.com/advisories/GHSA-wc69-rhjr-hc9g
│ ├─ Severity: high
│ ├─ Vulnerable Versions: >=2.18.0 <2.29.4
│ ├─ Patched Versions: >=2.29.4
│ ├─ Via: moment, moment-timezone, @sl/fusion.common-utils, @sl/fusion.common-static, @sl/fusion.common-components, @sl/fusion.widgets-manager, @sl/fusion.common-wizpack, @sl/fusion.widgets-certificate
│ └─ Recommendation: Upgrade to version 2.29.4 or later
How to reproduce the issue:
Versions
apollo v2.34.0
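As an added illustration (not code from the apollo project or the reporter), the check below encodes the advisory's range (>=2.18.0 <2.29.4) and walks a constructed dependency graph shaped like the "Via" chain above to list every path that pulls in a vulnerable moment; the graph contents and the moment-timezone version are assumptions for the example.

```javascript
// Added example: flag moment versions inside the advisory range
// ">=2.18.0 <2.29.4" (GHSA-wc69-rhjr-hc9g) and report the dependency
// paths that pull them in, the way the audit's "Via" line does.

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Compare two [major, minor, patch] triples; negative, zero or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Range taken from the advisory quoted on the page.
const VULN_MIN = [2, 18, 0];    // first vulnerable version (inclusive)
const PATCHED_MIN = [2, 29, 4]; // first patched version

function isVulnerableMoment(version) {
  const v = parseSemver(version);
  return cmp(v, VULN_MIN) >= 0 && cmp(v, PATCHED_MIN) < 0;
}

// Constructed dependency graph (assumption, not a real lockfile):
// name -> { version, deps: [names] }. Only the moment version is from the page.
const GRAPH = {
  apollo: { version: '2.34.0', deps: ['moment', 'moment-timezone'] },
  'moment-timezone': { version: '0.5.34', deps: ['moment'] },
  moment: { version: '2.29.3', deps: [] },
};

// Depth-first walk from the root; returns every path ending in a vulnerable moment.
function findVulnerablePaths(graph, root) {
  const found = [];
  const walk = (name, path) => {
    const node = graph[name];
    if (!node || path.includes(name)) return; // unknown package or cycle
    const next = [...path, name];
    if (name === 'moment' && isVulnerableMoment(node.version)) {
      found.push(next.join(' > '));
    }
    for (const dep of node.deps) walk(dep, next);
  };
  walk(root, []);
  return found;
}
```

Each reported path is a place where the transitive pin must move to 2.29.4 or later before the audit goes clean.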
lithin