Bump moment-timezone from 0.5.31 to 0.5.33

[dependabot-preview]

Bumps moment-timezone from 0.5.31 to 0.5.33.

Release notes

Sourced from moment-timezone's releases.

Release 0.5.33

• Updated data to IANA TZDB 2021a

Release 0.5.32

• Updated data to IANA TZDB 2020d

Changelog

Sourced from moment-timezone's changelog.

0.5.33 2020-11-15

• Updated data to IANA TZDB 2021a

0.5.32 2020-11-14

• Updated data to IANA TZDB 2020d

Commits

• ffc4190 2021a (#927)
• 013e1db Create issue_template.md
• 3128dda IANA timezone database 2020d (#910)
• 0af917b Merge pull request #893 from mj1856/develop
• 1280365 Update README.md
• 063a950 Master -> Develop (#861)
• 910d83f Release0.5.31
• b055f5e Fixing Grunt version to 1.0.4 otherwise it fails (#855)
• e9b1c4c Develop -> Master release 0.5.29 (#849) (#854)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[guardrails]

⚠️ We detected security issues in this pull request:

Hard-Coded Secrets (1)

api-vote.stuysu.org/.github/workflows/nodejs.yml

Line 41 in 2dc1421

MONGO_URL: mongodb://root:password@localhost:27017/vote-stuysu-org

More info on how to fix Hard-Coded Secrets in General.

---

Insecure Use of Dangerous Function (4)

api-vote.stuysu.org/src/graphql/resolvers/index.js

Line 23 in 2dc1421

resolvers[type] = require(dirPath);

api-vote.stuysu.org/src/graphql/resolvers/index.js

Line 30 in 2dc1421

propResolvers[propName] = require(resolverPath);

api-vote.stuysu.org/src/graphql/schema/index.js

Line 12 in 2dc1421

const schema = require(file);

api-vote.stuysu.org/src/models/index.js

Line 13 in 2dc1421

require(file);

More info on how to fix Insecure Use of Dangerous Function in Javascript.

---

Vulnerable Libraries (1)

• axios@0.19.2 no details available

More info on how to fix Vulnerable Libraries in Javascript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.