Uploaded image for project: 'Alloy'
  1. Alloy
  2. ALOY-1537

Update uglify-js and moment.js

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: alloy 1.9.7, Release 6.2.0
    • Component/s: Tooling
    • Labels:
      None
    • Story Points:
      5
    • Sprint:
      2017 Sprint 02 Tooling

      Description

      Ran nsp check, two alloy dependencies, uglify-js@2.4.15 and moment@2.10.6, are returning Regular Expression Denial of Service.

      This ticket is to track the progress of updating uglify-js from 2.4.15 to 2.6.1 and moment.js from 2.10.6 to 2.17.1.

      Note:
      ECMAScript 5.1 doesn't permit newline characters in string literals. It requires \n. According to 903 Uglify also doesn't like it in versions 2.6.2 and after, thus failed some of the test apps. For now, updating to uglify-js@2.6.1 should correct nsp errors. We need to look into alloy compiler if we need a major uglify upgrade.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                fmiao Feon Sua Xin Miao
                Reporter:
                fmiao Feon Sua Xin Miao
              • Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Backbone Issue Sync

                  • Backbone Issue Sync is enabled for your project, but we do not have any synchronization info for this issue.

                    Git Integration