Re: [VOTE] cordova-create 4.1.0 Release

Sun, 01 Jan 2023 10:11:02 -0800 

I vote +1:

* Verified Archive
* Verified Tags
* Ran NPM Audit (see notes)
* Unit tests runs successfully locally

NPM audit reports:

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
This comes from a sub development dependency of @cordova/eslint-config and the issue exists on current production releases. Due to these reasons, I don't consider this a blocker for this release and can be resolved on our next release. 

On 2022-12-28 5:50 a.m., Niklas Merz wrote:

I vote +1

* signature & hash ok
* no audit issues
* tag ok
* changes look good
* tests pass locally

On December 26, 2022, Erisu <er...@apache.org> wrote:

Please review and vote on this cordova-create release v4.1.0
by replying to this email (and keep discussion on the DISCUSS thread)

The archive has been published to dist/dev:
https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0

The package was published from its corresponding git tag:
  cordova-create: 4.1.0 (d191119db4)

Upon a successful vote I will upload the archive to dist/, publish it
to npm, and post the blog post.

Voting guidelines: https://github.com/apache/cordova-
coho/blob/master/docs/release-voting.md

Voting will go on for a minimum of 48 hours.

====

I vote +1:

* Ran coho audit-license-headers over the relevant repos
* Ran coho check-license to ensure all dependencies and sub-
dependencies have Apache-compatible licenses
* Ensured the continuous build was green when repo was tagged
* Ran `npm test`
* Ran `npm audit`

  found 0 vulnerabilities

* Ran various `cordova` test w/ sample app:
  * `cordova`
  * `cordova -v`
  * `cordova create`
  * `cordova info`
  * `cordova help`
  * `cordova config ls`
  * `cordova requirements`
  * `cordova telemetry`
  * `cordova plugin`
  * `cordova plugin add`
  * `cordova plugin rm`
  * `cordova platform`
  * `cordova platform add`
  * `cordova platform rm`
  * `cordova build`
  * `cordova prepare`
  * `cordova compile`
  * `cordova run`
  * `cordova serve`


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Reply via email to