chore(deps): bump moment-timezone from 0.5.48 to 0.6.2

[dependabot]

Bumps moment-timezone from 0.5.48 to 0.6.2.

Release notes

Sourced from moment-timezone's releases.

Release 0.6.2

• Updated data to IANA TZDB 2026b. #1145

Release 0.6.1

• Updated data to IANA TZDB 2026a. #1140

NOTE: This release does not include recently-announced DST changes for British Columbia, Canada. Those changes will likely be in 2026b.

Release 0.6.0

• Fixed and updated TypeScript definitions. #1132
  • Updated types to more accurately match the code implementation.
  • Added definitions for pre-built files (e.g. moment-timezone-with-data.js).

This release is a potential breaking change for TypeScript projects only. The types are now more accurate, but consumers might hit errors if they were relying on the more relaxed types.

No implementation code has changed in this release.

Changelog

Sourced from moment-timezone's changelog.

0.6.2 2026-04-26

• Updated data to IANA TZDB 2026b. #1145

0.6.1 2026-03-18

• Updated data to IANA TZDB 2026a. #1140

0.6.0 2025-05-25

• Fixed and updated TypeScript definitions. #1132
  • Updated types to more accurately match the code implementation.
  • Added definitions for pre-built files (e.g. moment-timezone-with-data.js).

This release is a potential breaking change for TypeScript projects only. The types are now more accurate, but consumers might hit errors if they were relying on the more relaxed types.

No implementation code has changed in this release.

Commits

• 466c890 Bump version and build moment-timezone 0.6.2
• e311deb Merge pull request #1145 from moment/data/2026b
• 3270009 data: Add 2026b
• f498d96 build(deps): bump picomatch from 2.3.1 to 2.3.2 (#1143)
• 13e724c Build moment-timezone 0.6.1
• 22070ff Bump version to 0.6.1
• b4ebddb Merge pull request #1140 from moment/automated/data-update
• cb47a65 data: Add 2026a
• 026466a build(deps): bump lodash from 4.17.21 to 4.17.23 (#1137)
• 6dc5413 Update Antarctica guess tests for 2026
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

How to test

git clone -b dependabot/npm_and_yarn/moment-timezone-0.6.2 https://github.com/hexojs/hexo.git
cd hexo
npm install
npm test

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/moment-timezone	0.6.2	🟢 4.6	Details Check Score Reason Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/16 approved changesets -- score normalized to 0 Maintained 🟢 10 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed

Scanned Files

• package-lock.json

[coveralls]

Coverage Report for CI Build 25355185851

Warning

No base build found for commit c7c78f9 on master.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 99.502%

Details

• Patch coverage: No coverable lines changed in this PR.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →

---

Coverage Stats

Relevant Lines:	10037
Covered Lines:	9987
Line Coverage:	99.5%
Relevant Branches:	2538
Covered Branches:	2440
Branch Coverage:	96.14%
Branches in Coverage %:	No
Coverage Strength:	59.27 hits per line

---

💛 - Coveralls