Rabbot has insecure dependency

[mcasimir]

Rabbot does not pass the security check from nsp:

moment   2.10.2      >=2.11.2   [email protected] > [email protected] > [email protected] > [email protected]   https://nodesecurity.io/advisories/55 

[arobson]

I'm somewhat familiar with this issue. It's pretty unlikely that you're going to trigger it but I know the maintainer of whistlepunk and they'd be open to a PR to patch the moment version if it's something you need in order to use rabbot.

[astanciu]

There is a PR submitted to whistlepunk, just been sitting there for almost a year:
LeanKit-Labs/whistlepunk#21

Can we remove this dependency? That project hasn't been updated in 2 years

[loayg]

@arobson @astanciu
There are 2 vulnerabilities and snyk report has been failing because of these 2 vulnerabilities.
Also, there is a pr here to update debug version:
#110

 debug    2.2.0       >= 2.6.9 < 3.0.0 || >= 3.1.0   [email protected] > [email protected] > [email protected]     https://nodesecurity.io/advisories/534 
 moment   2.10.2      >=2.11.2              [email protected] > [email protected] > [email protected]   https://nodesecurity.io/advisories/55  

Thanks.