You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by GitBox <gi...@apache.org> on 2020/04/28 14:50:07 UTC
[GitHub] [cordova-cli] fukumotoj opened a new issue #504: Bump Configstore Dependency
fukumotoj opened a new issue #504:
URL: https://github.com/apache/cordova-cli/issues/504
<!--
Please have a look at the issue templates you get when you click "New issue" in the GitHub UI.
We very much prefer issues created by using one of these templates.
-->
### Issue Type
<!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
- [x ] Bug Report
- [ ] Feature Request
- [ ] Support Question
## Description
## Information
<!-- Include all relevant information that might help understand and reproduce the problem -->
There is a vulnerability in dot-prop@5.1.0 and below, report [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116). This is a dependency of [configstore@4.x](https://github.com/yeoman/configstore) Bumping to 5 will resolve.
### Command or Code
<!-- What command or code is needed to reproduce the problem? -->
### Environment, Platform, Device
<!-- In what environment, on what platform or on which device are you experiencing the issue? -->
### Version information
<!--
What are relevant versions you are using?
For example:
Cordova: Cordova CLI, Cordova Platforms, Cordova Plugins
Other Frameworks: Ionic Framework and CLI version
Operating System, Android Studio, Xcode etc.
-->
Cordova@9
## Checklist
<!-- Please check the boxes by putting an `x` in the `[ ]` like so: `[x]` -->
- [x ] I searched for already existing GitHub issues about this
- [x ] I updated all Cordova tooling to their most recent version
- [ x] I included all the necessary information above
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-cli] breautek commented on issue #504: Bump Configstore Dependency
Posted by GitBox <gi...@apache.org>.
breautek commented on issue #504:
URL: https://github.com/apache/cordova-cli/issues/504#issuecomment-698097884
Closing because `master` has `configstore@^5.0.1` set.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-cli] breautek closed issue #504: Bump Configstore Dependency
Posted by GitBox <gi...@apache.org>.
breautek closed issue #504:
URL: https://github.com/apache/cordova-cli/issues/504
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-cli] breautek commented on issue #504: Bump Configstore Dependency
Posted by GitBox <gi...@apache.org>.
breautek commented on issue #504:
URL: https://github.com/apache/cordova-cli/issues/504#issuecomment-698097884
Closing because `master` has `configstore@^5.0.1` set.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-cli] timbru31 commented on issue #504: Bump Configstore Dependency
Posted by GitBox <gi...@apache.org>.
timbru31 commented on issue #504:
URL: https://github.com/apache/cordova-cli/issues/504#issuecomment-620686094
configstore@5 only breaking change is dropping support for Node.js <8, since our master is already at 10.0.0-dev this update should be fine.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org
[GitHub] [cordova-cli] breautek closed issue #504: Bump Configstore Dependency
Posted by GitBox <gi...@apache.org>.
breautek closed issue #504:
URL: https://github.com/apache/cordova-cli/issues/504
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org