dannycoates / able

A/B testing service
http://dannycoates.github.io/able/

Update convict and uglify-js dependencies #17

Closed pdehaan closed 8 years ago

pdehaan commented 8 years ago

Ref: https://github.com/mozilla/fxa-content-server/pull/3693

Currently the package.json file hardcodes to convict@0.6.1, which [unfortunately] has a non-kosher version of moment.

We should upgrade to the latest version of convict to appease the NSP gods.

pdehaan commented 8 years ago

FWIW, here's the current nsp check output:

➜  able git:(master) nsp check -o summary
(+) 5 vulnerabilities found
 Name        Installed   Patched    Path                                        More Info
 moment      2.8.4       >=2.11.2   able@0.4.3 > convict@0.6.1 > moment@2.8.4   https://nodesecurity.io/advisories/55
 hapi        8.4.0       >=11.1.4   able@0.4.3 > hapi@8.4.0                     https://nodesecurity.io/advisories/65
 hapi        8.4.0       >=11.0.0   able@0.4.3 > hapi@8.4.0                     https://nodesecurity.io/advisories/45
 hapi        8.4.0       >=11.1.3   able@0.4.3 > hapi@8.4.0                     https://nodesecurity.io/advisories/63
 uglify-js   2.4.24      >=2.6.0    able@0.4.3 > uglify-js@2.4.24               https://nodesecurity.io/advisories/48
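
An added example, not part of the original issue or the able code base: a small Node.js script that reads the summary rows above and works out, per vulnerable package, the highest "Patched" floor across its advisories and the direct dependency in `package.json` that pulls it in. The function names (`cmpVersion`, `parseRow`, `upgradePlan`) are hypothetical, and the parser assumes each "Patched" value is a single `>=x.y.z` range, as in this output.

```javascript
// Constructed sample: rows copied from the `nsp check -o summary` output quoted in this issue.
const SAMPLE = `
 moment      2.8.4       >=2.11.2   able@0.4.3 > convict@0.6.1 > moment@2.8.4   https://nodesecurity.io/advisories/55
 hapi        8.4.0       >=11.1.4   able@0.4.3 > hapi@8.4.0                     https://nodesecurity.io/advisories/65
 hapi        8.4.0       >=11.0.0   able@0.4.3 > hapi@8.4.0                     https://nodesecurity.io/advisories/45
 hapi        8.4.0       >=11.1.3   able@0.4.3 > hapi@8.4.0                     https://nodesecurity.io/advisories/63
 uglify-js   2.4.24      >=2.6.0    able@0.4.3 > uglify-js@2.4.24               https://nodesecurity.io/advisories/48
`;

// Compare dotted numeric versions (no pre-release tags; none appear in this output).
function cmpVersion(a, b) {
  const x = a.split('.').map(Number);
  const y = b.split('.').map(Number);
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Parse one summary row; header and banner lines do not match and return null.
// Assumption: the "Patched" column is a single ">=x.y.z" range.
function parseRow(line) {
  const m = line.trim().match(/^(\S+)\s+(\S+)\s+>=(\S+)\s+(.+?)\s+(https?:\/\/\S+)$/);
  if (!m) return null;
  return { name: m[1], installed: m[2], patched: m[3], path: m[4].split(/\s+>\s+/), advisory: m[5] };
}

// Group advisories by package, keeping the highest patched floor so one upgrade clears them all.
function upgradePlan(text) {
  const plan = new Map();
  for (const line of text.split('\n')) {
    const row = parseRow(line);
    if (!row) continue;
    const entry = plan.get(row.name) || {
      installed: row.installed, floor: row.patched, advisories: [],
      via: row.path[1],                 // path[0] is the project itself
      transitive: row.path.length > 2,  // true when the fix has to come through a parent package
    };
    if (cmpVersion(row.patched, entry.floor) > 0) entry.floor = row.patched;
    entry.advisories.push(row.advisory);
    plan.set(row.name, entry);
  }
  return plan;
}

for (const [name, e] of upgradePlan(SAMPLE)) {
  console.log(`${name} ${e.installed} -> >=${e.floor} via ${e.via}${e.transitive ? ' (transitive)' : ''}`);
}
```

A transitive entry such as moment cannot be fixed by editing able's own pin for that package; the parent listed in `via` has to move to a release that depends on a patched version.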