node-input-validator
moment 2.29.3 Severity:high vulnerability
Hi,
First, thanks for this repo: a great tool 👏
It seems that the moment dependency needs to be updated for security reasons:
```
moment  2.18.0 - 2.29.3
Severity: high
Inefficient Regular Expression Complexity in moment - https://github.com/advisories/GHSA-wc69-rhjr-hc9g
fix available via `npm audit fix`
node_modules/moment
└─┬ [email protected]
  └── [email protected]
```
Did you plan to update it? Thanks
A new one: file-type
```
file-type  13.0.0 - 16.5.3
Severity: high
file-type vulnerable to Infinite Loop via malformed MKV file - https://github.com/advisories/GHSA-mhxj-85r3-2x55
fix available via `npm audit fix`
node_modules/file-type
[email protected]
└── [email protected]
```
I'm able to work around this by using npx-resolution, but it would be great to update the deps versions here.
```
"scripts": {
  "preinstall": "npx force-resolutions",
  (...)
},
"resolutions": {
  "moment": "2.29.4",
  "file-type": "16.5.4"
},
(...)
```
NB: with file-type version 17.x.x I have an issue with required compatibility (I'm using ESM import):
```
Error [ERR_REQUIRE_ESM]: require() of ES Module [MY_PROJECT]\node_modules\file-type\index.js from [MY_PROJECT]\node_modules\node-input-validator\lib\rules\mime.js not supported.
Instead change the require of index.js in [MY_PROJECT]\node_modules\node-input-validator\lib\rules\mime.js to a dynamic import() which is available in all CommonJS modules.
```
I know it's too late. Fixed: https://github.com/bitnbytesio/node-input-validator/commit/e7b59c99da99b6e773c1d67e1de641cfedd29d55 Release: 4.5.1
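
To confirm that a resolution override or an upgrade actually removed every nested copy of the flagged versions, the lockfile can be checked against the two ranges npm audit reported in this thread. This is an added example, not code from the issue or from node-input-validator; the lockfile fragment, its sample versions and the function names are constructed for illustration, and it assumes a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3).

```javascript
// Ranges and advisory ids copied from the npm audit output quoted in this issue.
const ADVISORY_RANGES = {
  moment: { min: "2.18.0", max: "2.29.3", advisory: "GHSA-wc69-rhjr-hc9g" },
  "file-type": { min: "13.0.0", max: "16.5.3", advisory: "GHSA-mhxj-85r3-2x55" },
};

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of package-lock.json and report every installed
// copy, including nested ones, whose version falls inside a flagged range.
function findVulnerable(lock) {
  const findings = [];
  const marker = "node_modules/";
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1 || !meta.version) continue; // skip the root project entry
    const name = path.slice(idx + marker.length);
    const range = ADVISORY_RANGES[name];
    if (!range) continue;
    if (compareVersions(meta.version, range.min) >= 0 &&
        compareVersions(meta.version, range.max) <= 0) {
      findings.push({ path, name, version: meta.version, advisory: range.advisory });
    }
  }
  return findings;
}

// Constructed lockfile fragment: sample versions, not taken from the issue.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/moment": { version: "2.29.1" },
    "node_modules/node-input-validator/node_modules/file-type": { version: "16.5.3" },
    "node_modules/file-type": { version: "16.5.4" },
  },
};

console.log(findVulnerable(sampleLock));
```

Running it against the real lockfile after `npm install` shows whether a nested copy under `node_modules/node-input-validator/` still resolves inside a flagged range.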