I vote +1:

* Verified Archive
* Verified Tags
* Ran NPM Audit (see notes)
* Unit tests run locally with 1 error (see notes)

NPM audit reports:

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h

This comes from a sub development dependency of @cordova/eslint-config, and the issue exists on current production releases. For these reasons, I don't consider this a blocker for this release, and it can be resolved in our next release.

Regarding the "pkgJson platform end-to-end with --save Test#012" failure, I've investigated this issue and it is something to be addressed, but I do not believe it is a blocker, and it can be resolved in our next release. In short, message.split is a jasmine error because we are rejecting with CordovaError. The underlying error is because we are testing an unrealistic scenario, probably unintentionally. More details will be in a bug ticket.

On 2022-12-28 6:15 a.m., Niklas Merz wrote:
I vote +1

* signature & hash ok
* no audit issues
* license headers ok
* tag ok

Note: I have one failing test locally ->

1) pkgJson platform end-to-end with --save Test#012 : platform with local path is added correctly with --save
   - Unhandled promise rejection: TypeError: message.split is not a function
       at <Jasmine>
   - Error: Timeout - Async function did not complete within 150000ms (set by jasmine.DEFAULT_TIMEOUT_INTERVAL)
       at <Jasmine>
       at listOnTimeout (node:internal/timers:559:17)
       at processTimers (node:internal/timers:502:7)

Executed 81 of 81 specs (1 FAILED) in 5 mins 53 secs.


On December 26, 2022, Erisu <er...@apache.org> wrote:
Please review and vote on this cordova-lib release v11.1.0
by replying to this email (and keep discussion on the DISCUSS thread)

The archive has been published to dist/dev:
https://dist.apache.org/repos/dist/dev/cordova/lib-11.1.0

The package was published from its corresponding git tag:
  cordova-lib: 11.1.0 (d2e9c53945)

Upon a successful vote I will upload the archive to dist/, publish it
to npm, and post the blog post.

Voting guidelines: https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md

Voting will go on for a minimum of 48 hours.

====

I vote +1:

* Ran coho audit-license-headers over the relevant repos
* Ran coho check-license to ensure all dependencies and sub-dependencies
  have Apache-compatible licenses
* Ensured the continuous build was green when repo was tagged
* Ran `npm test`
* Ran `npm audit`

  found 0 vulnerabilities

* Ran various `cordova` tests w/ sample app:
  * `cordova`
  * `cordova -v`
  * `cordova create`
  * `cordova info`
  * `cordova help`
  * `cordova config ls`
  * `cordova requirements`
  * `cordova telemetry`
  * `cordova plugin`
  * `cordova plugin add`
  * `cordova plugin rm`
  * `cordova platform`
  * `cordova platform add`
  * `cordova platform rm`
  * `cordova build`
  * `cordova prepare`
  * `cordova compile`
  * `cordova run`
  * `cordova serve`


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org
