Bump moment to 2.15.x branch to resolve Regex DOS #78

Merged
merged 1 commit into from Oct 24, 2016

stjohnjohnson commented Oct 24, 2016

Howdy, good-console maintainers. I just got an alert about a Regex DOS from snyk.io. Figured I could help by updating your dependency here. I can't see any reason why you're pinned to the minor version of moment, so I just bumped to the 2.15 branch.

Moment's changelog

See more information here:

@arb arb added this to the 6.1.3 milestone Oct 24, 2016
@arb arb self-assigned this Oct 24, 2016

arb commented Oct 24, 2016

The reason is because moment is a dependency outside my control and I don't trust outside packages to follow proper semver. It's safer and more predictable to pin to the minor.

@arb arb merged commit 95f4762 into hapijs:master Oct 24, 2016
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
@stjohnjohnson stjohnjohnson deleted the stjohnjohnson:patch-1 branch Oct 24, 2016

stjohnjohnson commented Oct 24, 2016

Thanks for merging this! That's a really good reason to pin. It would be interesting to create some sort of semver-enforced package community. So modules could be voted on depending on their semver usage.

@calmdev calmdev mentioned this pull request Nov 30, 2017