Vulnerability scan results caused by transitive dependencies

This package depends on [`eonasdan-bootstrap-datetimepicker`](https://www.npmjs.com/package/eonasdan-bootstrap-datetimepicker) version 4.17.49 which depends on `bootstrap` version 3.4.1 and `moment-timezone` version 0.4.1. These transitive dependencies have vulnerabilities, which is causing vulnerability scan results for my project which uses `django-bootstrap-datepicker-plus`.

The vulnerabilities are:

- https://github.com/advisories/GHSA-9mvj-f7w8-pvh2 (`bootstrap`)
- https://github.com/advisories/GHSA-v78c-4p63-2j6c (`moment-timezone`)

It's possible that `eonasdan-bootstrap-datetimepicker` does not use these dependencies in a vulnerable manner, but it would be nice to update the dependencies of `django-bootstrap-datepicker-plus` to fix these vulnerability scan results.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Vulnerability scan results caused by transitive dependencies #126

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Vulnerability scan results caused by transitive dependencies #126

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions