[ALOY-1537] Update uglify-js and moment.js
|Fix Version/s||alloy 1.9.7, Release 6.2.0|
|Reporter||Feon Sua Xin Miao|
|Assignee||Feon Sua Xin Miao|
nsp check, two alloy dependencies,
firstname.lastname@example.org, are returning
Regular Expression Denial of Service. This ticket is to track the progress of updating uglify-js from 2.4.15 to *2.6.1* and moment.js from 2.10.6 to *2.17.1*. Note: ECMAScript 5.1 doesn't permit newline characters in string literals. It requires
\n. According to (https://github.com/mishoo/UglifyJS2/pull/903) Uglify also doesn't like it in versions 2.6.2 and after, thus failed some of the test apps. For now, updating to email@example.com should correct nsp errors. We need to look into alloy compiler if we need a major uglify upgrade.
- Feon Sua Xin Miao 2017-01-27 PR: https://github.com/appcelerator/alloy/pull/812
- Brenton House 2017-02-23 Did the moment.js that is used at runtime get updated as well? I know there is a bug in the shipped version that has hit a lot of devs.
- Feon Sua Xin Miao 2017-02-26 [~brentonhouse], which version of Alloy contains the bug you mentioned? Is there a ticket for the bug?
- Brenton House 2017-02-27 It's a bug in the old version of momentjs. I will look up the bug number.
- Brenton House 2017-02-27 https://github.com/moment/moment/issues/2704
- Feon Sua Xin Miao 2017-02-28 [~brentonhouse], momentjs fix went into to version [2.14.0](https://github.com/moment/moment/pull/3177). Alloy momentjs builtin is at 2.16.0.
- Brenton House 2017-02-28 Thanks [~fmiao]! I wasn't paying close enough attention! We were probably dealing with it before that version of Alloy got bundled with the Appcelerator SDK.
- Feon Sua Xin Miao 2017-02-28 [~brentonhouse], no worries, really appreciate it! :)