Dependency might be out of date
danielcobo opened this issue · comments
It seems the dependency used for following changes in CouchDB could be outdated.
Running npm install nano
on a current version of Node will log npm WARN engine follow@0.12.1: wanted: {"node":"0.12.x || 0.10.x || 0.8.x"} (current: {"node":"4.2.2","npm":"2.14.7"})
The issue has been already raised at the repository of the dependency, however it looks like it has not yet been resolved - iriscouch/follow#73
Getting the same issue. The README points to https://github.com/jhs/follow/blob/master/package.json#L11 which has the issue resolved, but irishcoush's follow is being used instead of jh's fork. I'm confused.
Bump.
nsp flags this as a security issue:
nano@6.2.0 > follow@0.12.1 > request@2.55.0 > hawk@2.3.1
There is a CVE open against hawk. See here https://nodesecurity.io/advisories/77
This repository has been merged into apache/couchdb-nano, please continue the discussion here