18577: Moment.js - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

260

ID	Project	Category	View Status	Date Submitted	Last Update

18577	Bug reports	Security	public	2023-01-02 14:17	2023-02-20 10:39

Reporter	andreafesta	Assigned To	c_schmitz
Priority	urgent	Severity	minor
Status	closed	Resolution	fixed
Product Version	5.4.x

Summary	18577: Moment.js
Description	Dear, https://pagespeed.web.dev/ report me that there is Moment.js library has a vulnerability. How can I solve? Thank you Andrea
Steps To Reproduce	Steps to reproduce (Replace this text with detailed step-by-step instructions on how to reproduce the issue) Expected result (Write here what you expected to happen) Actual result (Write here what happened instead)
Tags	No tags attached.
Attached Files	errore.png (100,604 bytes)

Bug heat	260
Complete LimeSurvey version number (& build)	5.4.12+221121
I will donate to the project if issue is resolved	No
Browser	Chrome
Database type & version	10.3.36-MariaDB-0+deb10u2 - Debian 10
Server OS (if known)	Debian 10
Webserver software & version (if known)
PHP Version	7.3.31-1~deb10u2

User List	There are no users monitoring this issue.

ollehar 2023-01-04 10:48 administrator ~73349	Thanks for reporting, we'll have a look.

gabrieljenik 2023-01-04 22:21 manager ~73363	https://github.com/LimeSurvey/LimeSurvey/pull/2830

andreafesta 2023-01-05 09:40 reporter ~73364	Hi, thank you. I remove the folder: third_party\moment and there aren't error. Perhaps an old folder... It's ok? Thank you Andrea

gabrieljenik 2023-01-05 15:01 manager ~73369	The datetimepickers depend on moment. If you delete the folder, pickers wont work. And it is also used for example in the export of dummy users: (see attach) image.png (26,327 bytes) image.png (26,327 bytes)

guest 2023-02-15 23:13 viewer ~73839	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34314

LimeBot 2023-02-20 10:39 administrator ~73878	Fixed in Release 5.6.6+230220

LimeSurvey: master fd803ec9 2023-02-15 23:13:32 Gabriel Jenik Committer: GitHub Details Diff	Fixed issue 18577: [security] Update Moment.js (#2830)	Affected Issues 18577
	mod - vendor/moment/moment-with-locales.js	Diff File
	mod - vendor/moment/moment-with-locales.min.js	Diff File

Date Modified	Username	Field	Change
2023-01-02 14:17	andreafesta	New Issue
2023-01-02 14:17	andreafesta	File Added: errore.png
2023-01-04 10:47	ollehar	Priority	none => urgent
2023-01-04 10:48	ollehar	Note Added: 73349
2023-01-04 10:48	ollehar	Bug heat	250 => 252
2023-01-04 15:04	gabrieljenik	Assigned To	=> gabrieljenik
2023-01-04 15:04	gabrieljenik	Status	new => assigned
2023-01-04 22:21	gabrieljenik	Assigned To	gabrieljenik => DenisChenu
2023-01-04 22:21	gabrieljenik	Status	assigned => ready for code review
2023-01-04 22:21	gabrieljenik	Note Added: 73363
2023-01-04 22:21	gabrieljenik	Bug heat	252 => 254
2023-01-05 09:40	andreafesta	Note Added: 73364
2023-01-05 09:40	andreafesta	Bug heat	254 => 256
2023-01-05 15:01	gabrieljenik	Note Added: 73369
2023-01-05 15:01	gabrieljenik	File Added: image.png
2023-01-05 15:52	DenisChenu	Assigned To	DenisChenu =>
2023-01-05 15:52	DenisChenu	Status	ready for code review => ready for testing
2023-02-15 23:13		Changeset attached	=> LimeSurvey master fd803ec9
2023-02-15 23:13	guest	Note Added: 73839
2023-02-15 23:13	guest	Bug heat	256 => 258
2023-02-15 23:14	c_schmitz	Assigned To	=> c_schmitz
2023-02-15 23:14	c_schmitz	Status	ready for testing => resolved
2023-02-15 23:14	c_schmitz	Resolution	open => fixed
2023-02-20 10:39	LimeBot	Note Added: 73878
2023-02-20 10:39	LimeBot	Status	resolved => closed
2023-02-20 10:39	LimeBot	Bug heat	258 => 260