Skip to content
This repository has been archived by the owner on Nov 5, 2018. It is now read-only.

Dependency might be out of date #307

Open
danielcobo opened this issue Jan 3, 2016 · 4 comments
Open

Dependency might be out of date #307

danielcobo opened this issue Jan 3, 2016 · 4 comments

Comments

@danielcobo
Copy link

It seems the dependency used for following changes in CouchDB could be outdated.

Running npm install nano on a current version of Node will log npm WARN engine follow@0.12.1: wanted: {"node":"0.12.x || 0.10.x || 0.8.x"} (current: {"node":"4.2.2","npm":"2.14.7"})

The issue has been already raised at the repository of the dependency, however it looks like it has not yet been resolved - iriscouch/follow#73
@satazor
Copy link
Contributor

satazor commented Jan 24, 2016

Getting the same issue. The README points to https://github.com/jhs/follow/blob/master/package.json#L11 which has the issue resolved, but irishcoush's follow is being used instead of jh's fork. I'm confused.

@satazor
Copy link
Contributor

satazor commented Mar 5, 2016

Bump.

@collinsrj
Copy link

nsp flags this as a security issue:

nano@6.2.0 > follow@0.12.1 > request@2.55.0 > hawk@2.3.1

There is a CVE open against hawk. See here https://nodesecurity.io/advisories/77

@carlosduclos carlosduclos mentioned this issue Mar 17, 2017
Closed
@carlosduclos
Copy link

This repository has been merged into apache/couchdb-nano, please continue the discussion here

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@satazor @collinsrj @danielcobo @carlosduclos