breautek opened a new pull request, #1239: URL: https://github.com/apache/cordova-docs/pull/1239
### Platforms affected

Development Tools

### Motivation and Context

Progresses https://github.com/apache/cordova/issues/300

### Description

Ran `npm install` which upgraded the package lock version, and ran `npm update` to resolve several vulnerabilities.

10 outstanding vulnerabilities are present in the current versions of some of our dependencies.

<details>
<summary>NPM Audit Report</summary>

```
# npm audit report

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-stream/node_modules/glob-parent
node_modules/glob-watcher/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/glob-watcher/node_modules/chokidar
    glob-watcher  >=3.0.0
    Depends on vulnerable versions of chokidar
    node_modules/glob-watcher
      gulp  >=4.0.0
      Depends on vulnerable versions of glob-watcher
      node_modules/gulp
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  >=2.4.2
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs

lodash.template  <4.5.0
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/gulp-util/node_modules/lodash.template
  gulp-util  >=1.1.0
  Depends on vulnerable versions of lodash.template
  node_modules/gulp-util

minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/optimist/node_modules/minimist
  optimist  >=0.6.0
  Depends on vulnerable versions of minimist
  node_modules/optimist

10 vulnerabilities (6 high, 4 critical)
```

</details>

### Testing

Ran `npm test` as well as `npm run serve` to test locally.

### Checklist

- [x] I've run the tests to see all new and existing tests pass
- [x] I added automated test coverage as appropriate for this change
- [x] Commit is prefixed with `(platform)` if this change only applies to one platform (e.g. `(android)`)
- [x] If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct [keyword to close issues using keywords](https://help.github.com/articles/closing-issues-using-keywords/))
- [x] I've updated the documentation if necessary
