Titanium JIRA Archive
Alloy (ALOY)

[ALOY-1537] Update uglify-js and moment.js

GitHub Issuen/a
Resolution Date2017-02-22T04:39:29.000+0000
Affected Version/sn/a
Fix Version/salloy 1.9.7, Release 6.2.0
ReporterFeon Sua Xin Miao
AssigneeFeon Sua Xin Miao


Ran nsp check, two alloy dependencies, uglify-js@2.4.15 and moment@2.10.6, are returning Regular Expression Denial of Service. This ticket is to track the progress of updating uglify-js from 2.4.15 to *2.6.1* and moment.js from 2.10.6 to *2.17.1*. Note: ECMAScript 5.1 doesn't permit newline characters in string literals. It requires \n. According to [903](https://github.com/mishoo/UglifyJS2/pull/903) Uglify also doesn't like it in versions 2.6.2 and after, thus failed some of the test apps. For now, updating to uglify-js@2.6.1 should correct nsp errors. We need to look into alloy compiler if we need a major uglify upgrade.


  1. Feon Sua Xin Miao 2017-01-27

    PR: https://github.com/appcelerator/alloy/pull/812
  2. Brenton House 2017-02-23

    Did the moment.js that is used at runtime get updated as well? I know there is a bug in the shipped version that has hit a lot of devs.
  3. Feon Sua Xin Miao 2017-02-26

    [~brentonhouse], which version of Alloy contains the bug you mentioned? Is there a ticket for the bug?
  4. Brenton House 2017-02-27

    It's a bug in the old version of momentjs. I will look up the bug number.
  5. Brenton House 2017-02-27

  6. Feon Sua Xin Miao 2017-02-28

    [~brentonhouse], momentjs fix went into to version [2.14.0](https://github.com/moment/moment/pull/3177). Alloy momentjs builtin is at 2.16.0.
  7. Brenton House 2017-02-28

    Thanks [~fmiao]! I wasn't paying close enough attention! We were probably dealing with it before that version of Alloy got bundled with the Appcelerator SDK.
  8. Feon Sua Xin Miao 2017-02-28

    [~brentonhouse], no worries, really appreciate it! :)

JSON Source