I vote +1
- Verified Archive
- Verified Tags
- Ran NPM Audit
* Severity: moderate
semver vulnerable to Regular Expression Denial of Service -
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
- Ran NPM test
- Ran Android paramedic tests
The found moderate vulnerability is a devDependency and I don't consider
this a blocker.
On 2023-10-27 7:58 a.m., Bryan Ellis wrote:
Please review and vote on this cordova-plugin-screen-orientation Release v3.0.4
by replying to this email (and keep discussion on the DISCUSS thread)
The archive has been published to dist/dev:
https://dist.apache.org/repos/dist/dev/cordova/screen-orientation-v3.0.4
The package was published from its corresponding git tag:
cordova-plugin-screen-orientation: 3.0.4 (b16cefcdf7)
Note that you can test it out via:
cordova plugin add
https://github.com/apache/cordova-plugin-screen-orientation#3.0.4
Upon a successful vote I will upload the archive to dist/, publish it to npm,
and post the blog post.
Voting guidelines:
https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md
Voting will go on for a minimum of 48 hours.
=====
I vote +1:
* Ran coho audit-license-headers over the relevant repos
* Ran coho check-license to ensure all dependencies and subdependencies have
Apache-compatible licenses
* NPM audit
* 1 moderate severity vulnerability found in developer dependency. Resolved
in a minor release which can be released with next minor or major.
* NPM Test
* Ran `cordova build` test
* Ran `cordova run` emulators (iOS & Android)
* Ran `cordova plugin add` test
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org