I already updated cordova-js to use more modern tooling some time ago in https://github.com/apache/cordova-js/pull/176. I just had not gotten around to merging it yet. I did so just now.
Jesse <purplecabb...@gmail.com> schrieb am Do., 25. Okt. 2018, 10:19: > Hi Gandhi, > > There is an issue with this repo in that cordova-js uses a jasmine-node > version that depends on a non-secure version of growl. This is not a > trivial fix as moving to the recommended jasmine-node@2.0.1 is a breaking > change. > I am not completely of the mind that updating is the right approach here, > as I think in many ways the cordova-js project is outdated, and the whole > process of generating platform specific cordova.js files needs to be > rethought. > > Personally, this does not block me ... I do the following: > ⚡ npm i > audited 684 packages in 2.085s > found 1 critical severity vulnerability > run `npm audit fix` to fix them, or `npm audit` for details > > ⚡ npx grunt > ... succeeds > > ⚡ npx grunt compile:windows > Running "compile:windows" (compile) task > generated cordova.windows.js @ 243e7aac8cee0108927df0253118e36857ab9fc7 in > 5ms > Done. > > The typical way a platform is released is to use cordova-coho. > ex. `coho prepare-platform-release-branch -r cordova-android --version > 9.9.9` > This takes care of all the tagging, building/copying of cordova.js to the > correct platform folder. > > About the mobile-spec workflow, I have not done this is a long time, this > was more important when we were breaking things a lot. One expectation of > the tooling that may not be explicitly listed is that all repos are > expected to be cloned as peers. cordova-coho has commands that can help > manage the multitude of repos for you. > > Not sure if this helps you move forward, I am happy to dig into this more > with you. > > Cheers, > Jesse > > @purplecabbage > risingj.com > > > On Tue, Oct 23, 2018 at 10:22 PM gandhi rajan <gandhiraja...@gmail.com> > wrote: > > > Hi All, > > > > I was trying to understand the release process for Cordova platforms as > > mentioned in the following link - > > > > > https://github.com/apache/cordova-coho/blob/master/docs/platforms-release-process.md > > . > > > > While following the steps mentioned to test plugins with > > cordova-mobile-spec project, I got an error stating cordova-js module is > > not installed. When I tried to install cordova-js, the installation fails > > stating one critical severity vulnerability.On running npm audit on > > cordova-js, it states that the critical vulnerability is related to growl > > version. > > > > Can someone let me know whether I m missing some steps which is causing > > this issue or it's a vulnerability that needs to be fixed as I m not able > > to proceed with cordova-js module installation? > > > > Any help is really appreciated. Thanks in advance. > > > > > > -- > > Regards, > > Gandhi > > > > "The best way to find urself is to lose urself in the service of others > > !!!" > > >
