The vote has now closed. The results are: Positive Binding Votes: 3
Bryan Ellis Niklas Merz Norman Breau Negative Binding Votes: 0 Other Votes: 0 The vote has passed. > On Oct 27, 2023, at 6:09, Norman Breau <nor...@breautek.com> wrote: > > I vote +1 > > - Verified Archive > - Verified Tags > - Ran NPM Audit > * Severity: moderate > semver vulnerable to Regular Expression Denial of Service - > https://github.com/advisories/GHSA-c2qf-rxjj-qqgw > - Ran NPM test > - Ran Android paramedic tests > > The found moderate vulnerability is a devDependency and I don't consider this > a blocker. > > On 2023-10-27 5:23 a.m., Bryan Ellis wrote: >> Please review and vote on this cordova-plugin-device-orientation Release >> v3.0.0 >> by replying to this email (and keep discussion on the DISCUSS thread) >> >> The archive has been published to dist/dev: >> >> https://dist.apache.org/repos/dist/dev/cordova/device-orientation-v3.0.0 >> >> The package was published from its corresponding git tag: >> >> cordova-plugin-device-orientation: 3.0.0 (1612f79ab9) >> >> Note that you can test it out via: >> >> cordova plugin add >> https://github.com/apache/cordova-plugin-device-orientation#3.0.0 >> >> Upon a successful vote I will upload the archive to dist/, publish it to >> npm, and post the blog post. >> >> Voting guidelines: >> https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md >> >> Voting will go on for a minimum of 48 hours. >> >> ===== >> >> I vote +1: >> >> * Ran coho audit-license-headers over the relevant repos >> * Ran coho check-license to ensure all dependencies and subdependencies have >> Apache-compatible licenses >> * NPM audit >> * 1 moderate severity vulnerability found in developer dependency. >> Resolved in a minor release which can be released with next minor or major. >> * NPM Test >> * Ran `cordova build` test >> * Ran `cordova run` emulators (iOS & Android) >> * Ran `cordova plugin add` test >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> For additional commands, e-mail: dev-h...@cordova.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org >
