The vote has now closed. The results are: Positive Binding Votes: 3
Bryan Ellis Niklas Merz Norman Breau Negative Binding Votes: 0 Other Votes: 0 The vote has passed. > On Oct 27, 2023, at 6:06, Norman Breau <nor...@breautek.com> wrote: > > I vote +1 > > - Verified Archive > - Verified Tags > - Ran NPM Audit > * Severity: moderate > semver vulnerable to Regular Expression Denial of Service - > https://github.com/advisories/GHSA-c2qf-rxjj-qqgw > - Ran NPM test > - Ran Android paramedic tests > > The found moderate vulnerability is a devDependency and I don't consider this > a blocker. > > On 2023-10-27 5:16 a.m., Niklas Merz wrote: >> I vote +1 >> >> * signature & hash ok >> * tag ok >> * test ok >> * release notes look good >> * license & headers ok >> >> One small note: >> Minor npm audit issue with "semver" should not affect users. We could >> patch that for the next release. >> >> >> On October 27, 2023, Erisu <er...@apache.org> wrote: >>> Please review and vote on this cordova-plugin-file Release v8.0.1 >>> by replying to this email (and keep discussion on the DISCUSS thread) >>> >>> The archive has been published to dist/dev: >>> >>> https://dist.apache.org/repos/dist/dev/cordova/file-v8.0.1 >>> >>> The package was published from its corresponding git tag: >>> >>> cordova-plugin-file: 8.0.1 (f2cfe300b6) >>> >>> Note that you can test it out via: >>> >>> cordova plugin add https://github.com/apache/cordova-plugin- >>> file#8.0.1 >>> >>> Upon a successful vote I will upload the archive to dist/, publish it >>> to npm, and post the blog post. >>> >>> Voting guidelines: https://github.com/apache/cordova- >>> coho/blob/master/docs/release-voting.md >>> >>> Voting will go on for a minimum of 48 hours. >>> >>> ===== >>> >>> I vote +1: >>> >>> * Ran coho audit-license-headers over the relevant repos >>> * Ran coho check-license to ensure all dependencies and >>> subdependencies have Apache-compatible licenses >>> * NPM audit >>> * 1 moderate severity vulnerability found in developer dependency. >>> Resolved in a minor release which can be released with next minor or >>> major. >>> * NPM Test >>> * Ran `cordova build` test >>> * Ran `cordova run` emulators (iOS & Android) >>> * Ran `cordova plugin add` test >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >>> For additional commands, e-mail: dev-h...@cordova.apache.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org >
