[ALOY-1537] Update uglify-js and moment.js
| GitHub Issue | n/a |
|---|---|
| Type | Improvement |
| Priority | High |
| Status | Resolved |
| Resolution | Fixed |
| Resolution Date | 2017-02-22T04:39:29.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | alloy 1.9.7, Release 6.2.0 |
| Components | Tooling |
| Labels | n/a |
| Reporter | Feon Sua Xin Miao |
| Assignee | Feon Sua Xin Miao |
| Created | 2017-01-27T06:48:52.000+0000 |
| Updated | 2017-04-03T19:36:27.000+0000 |
Description
Ran `nsp check`, two alloy dependencies, uglify-js@2.4.15 and moment@2.10.6, are returning Regular Expression Denial of Service.
This ticket is to track the progress of updating uglify-js from 2.4.15 to *2.6.1* and moment.js from 2.10.6 to *2.17.1*.
Note:
ECMAScript 5.1 doesn't permit newline characters in string literals. It requires \n. According to [903](https://github.com/mishoo/UglifyJS2/pull/903), Uglify also doesn't like it in versions 2.6.2 and after, so some of the test apps failed. For now, updating to uglify-js@2.6.1 should correct the nsp errors. We need to look into the alloy compiler if we need a major uglify upgrade.
PR: https://github.com/appcelerator/alloy/pull/812
Did the moment.js that is used at runtime get updated as well? I know there is a bug in the shipped version that has hit a lot of devs.
[~brentonhouse], which version of Alloy contains the bug you mentioned? Is there a ticket for the bug?
It's a bug in the old version of momentjs. I will look up the bug number.
https://github.com/moment/moment/issues/2704
[~brentonhouse], momentjs fix went into version [2.14.0](https://github.com/moment/moment/pull/3177). Alloy momentjs builtin is at 2.16.0.
Thanks [~fmiao]! I wasn't paying close enough attention! We were probably dealing with it before that version of Alloy got bundled with the Appcelerator SDK.
[~brentonhouse], no worries, really appreciate it! :)