npm reports high vulnerabilities for moment and async

[madzim]

Description

NPM is reporting high vulnerabilities with the moment and async dependencies.

This module depends on moment@2.19.3 and async@~0.2.9

moment

• Current: 2.19.3
• Vulnerable: < 2.29.2
• Patched: >= 2.29.2
• Report: [GHSA-8hfj-j24r-96c4](GHSA-8hfj-j24r-96c4)

async

• Current: ~0.2.9
• Vulnerable: < 2.6.4 and ( >= 3.0.0, < 3.2.2 )
• Patched: 2.6.4 and 3.2.2
• async vulnerability report: [GHSA-fwr7-v2mv-hh25](GHSA-fwr7-v2mv-hh25)

[madzim]

PR: #87

[RopoMen]

After this fix, update your package https://github.com/auth0/node-samlp as well. There is now three vulnerabilities; moment, async and ejs.