This package depends on eonasdan-bootstrap-datetimepicker version 4.17.49 which depends on bootstrap version 3.4.1 and moment-timezone version 0.4.1. These transitive dependencies have vulnerabilities, which is causing vulnerability scan results for my project which uses django-bootstrap-datepicker-plus.
The vulnerabilities are:
It's possible that eonasdan-bootstrap-datetimepicker does not use these dependencies in a vulnerable manner, but it would be nice to update the dependencies of django-bootstrap-datepicker-plus to fix these vulnerability scan results.