lets update some modules!

[pdehaan]

Some are old and crufty and in need of updating.

Name     Installed  Patched  Dependency
connect    1.7.2    >=2.8.1  browserid
qs         0.5.6     >= 1.x  browserid > winston > request

And for the whole list of update-able modules:

$ npm outdated --depth 0 | sort

Package          Current  Wanted  Latest  Location
async              0.2.9   0.2.9   0.9.0  async
awsbox             0.7.1   0.7.1   0.7.0  awsbox
bcrypt             0.7.7   0.7.7   0.8.0  bcrypt
cjson              0.2.1   0.2.1   0.3.0  cjson
compute-cluster    0.0.6   0.0.6   0.0.9  compute-cluster
connect            1.7.2   1.7.2   3.1.0  connect
connect-cachify   0.0.15  0.0.15  0.0.17  connect-cachify
connect-fonts     0.0.11  0.0.11   2.0.2  connect-fonts
convict            0.4.1   0.4.1   0.4.2  convict
ejs                0.8.4   0.8.4   1.0.0  ejs
express            2.5.0   2.5.0   4.8.2  express
htmlparser         1.7.6   1.7.6   1.7.7  htmlparser
i18n-abide        0.0.14  0.0.14  0.0.22  i18n-abide
irc                0.3.6   0.3.6   0.3.7  irc
jshint            2.1.11  2.1.11   2.5.2  jshint
jwcrypto           0.4.4   0.4.4   0.5.0  jwcrypto
mkdirp             0.3.5   0.3.5   0.5.0  mkdirp
mysql              0.9.6   0.9.6   2.4.2  mysql
nodemailer         0.5.3   0.5.3   1.1.1  nodemailer
optimist           0.6.0   0.6.0   0.6.1  optimist
rimraf             2.2.2   2.2.2   2.2.8  rimraf
semver             2.1.0   2.1.0   3.0.1  semver
temp               0.6.0   0.6.0   0.8.1  temp
uglify-js          1.0.6   1.0.6  2.4.15  uglify-js
uglifycss          0.0.5   0.0.5   0.0.9  uglifycss
underscore         1.5.2   1.5.2   1.6.0  underscore
useragent          2.0.7   2.0.7   2.0.9  useragent
validator          1.5.1   1.5.1  3.16.1  validator
winston            0.7.2   0.7.2   0.7.3  winston

[jaredhirsch]

@hemanth the hard part of this upgrade isn't just editing package.json, it's auditing all the breaking changes in all of these packages to make sure the site still works, and upgrading APIs that are years out of date. Bumping express from 2.x to 4.x is not going to be trivial, for instance.

Edited: ...but thanks for contributing! Maybe someone has time to mentor you on this bug, if you're interested in digging deeper :beers:

[hemanth]

@6a68 Yeah, I do understand the complexity involved, would be more than happy to pair up.

[pdehaan]

Protip: Update everything except Express and Connect and leave those for some other sucker heroic volunteer in a separate PR.

Trying to update 30 modules at once is a bag of hurt.

[hemanth]

heh heh /me shudders

[jaredhirsch]

@hemanth I'm sorry, but I don't have the time to help you bash through this. Maybe ping the dev-identity list and see if someone's got bandwidth? Or just open the PR and see how Travis does.

The jwcrypto changes are also likely non-trivial to untangle, I'd guess. The mysql package could spell trouble, too.

[hemanth]

@6a68 No problemo. I can understand. Travis bombs for lock-down

[callahad]

Hi! To help us better focus, I'm "closing" all issues that have been open for more than six months. These have been tagged "cleanup-2014" so that we can go back and review them in the future.

For more information, check out this thread: http://thread.gmane.org/gmane.comp.mozilla.identity.devel/7394

If you believe this bug is still a major issue for you, please comment, submit a pull request, or discuss it on our mailing list: https://lists.mozilla.org/listinfo/dev-identity

Sorry for GitHub notification spam!

[callahad]

Whoops, the mass-closing script misfired. Reopening.