You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cordova.apache.org by Bryan Ellis <er...@apache.org> on 2022/12/26 06:47:15 UTC

[VOTE] cordova-create 4.1.0 Release

Please review and vote on this cordova-create release v4.1.0
by replying to this email (and keep discussion on the DISCUSS thread)

The archive has been published to dist/dev:
https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0

The package was published from its corresponding git tag:
    cordova-create: 4.1.0 (d191119db4)

Upon a successful vote I will upload the archive to dist/, publish it to npm, and post the blog post.

Voting guidelines: https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md

Voting will go on for a minimum of 48 hours.

====

I vote +1:

* Ran coho audit-license-headers over the relevant repos
* Ran coho check-license to ensure all dependencies and sub-dependencies have Apache-compatible licenses
* Ensured the continuous build was green when repo was tagged
* Ran `npm test`
* Ran `npm audit`

  found 0 vulnerabilities

* Ran various `cordova` test w/ sample app:
  * `cordova`
  * `cordova -v`
  * `cordova create`
  * `cordova info`
  * `cordova help`
  * `cordova config ls`
  * `cordova requirements`
  * `cordova telemetry`
  * `cordova plugin`
  * `cordova plugin add`
  * `cordova plugin rm`
  * `cordova platform`
  * `cordova platform add`
  * `cordova platform rm`
  * `cordova build`
  * `cordova prepare`
  * `cordova compile`
  * `cordova run`
  * `cordova serve`


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org

Re: [VOTE] cordova-create 4.1.0 Release

Posted by Bryan Ellis <er...@apache.org>.

The vote has now closed. The results are:

Positive Binding Votes: 3

Bryan Ellis
Niklas Merz
Norman Breau

Negative Binding Votes: 0

Other Votes: 0

The vote has passed.



> On Jan 2, 2023, at 03:10, Norman Breau <no...@nbsolutions.ca> wrote:
> 
> I vote +1:
> 
> * Verified Archive
> * Verified Tags
> * Ran NPM Audit (see notes)
> * Unit tests runs successfully locally
> 
> NPM audit reports:
> 
> json5  <2.2.2
> Severity: high
> Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
> 
> This comes from a sub development dependency of @cordova/eslint-config and the issue exists on current production releases. Due to these reasons, I don't consider this a blocker for this release and can be resolved on our next release.
> 
> On 2022-12-28 5:50 a.m., Niklas Merz wrote:
>> I vote +1
>> 
>> * signature & hash ok
>> * no audit issues
>> * tag ok
>> * changes look good
>> * tests pass locally
>> 
>> On December 26, 2022, Erisu <er...@apache.org> wrote:
>>> Please review and vote on this cordova-create release v4.1.0
>>> by replying to this email (and keep discussion on the DISCUSS thread)
>>> 
>>> The archive has been published to dist/dev:
>>> https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
>>> 
>>> The package was published from its corresponding git tag:
>>>  cordova-create: 4.1.0 (d191119db4)
>>> 
>>> Upon a successful vote I will upload the archive to dist/, publish it
>>> to npm, and post the blog post.
>>> 
>>> Voting guidelines: https://github.com/apache/cordova-
>>> coho/blob/master/docs/release-voting.md
>>> 
>>> Voting will go on for a minimum of 48 hours.
>>> 
>>> ====
>>> 
>>> I vote +1:
>>> 
>>> * Ran coho audit-license-headers over the relevant repos
>>> * Ran coho check-license to ensure all dependencies and sub-
>>> dependencies have Apache-compatible licenses
>>> * Ensured the continuous build was green when repo was tagged
>>> * Ran `npm test`
>>> * Ran `npm audit`
>>> 
>>>  found 0 vulnerabilities
>>> 
>>> * Ran various `cordova` test w/ sample app:
>>>  * `cordova`
>>>  * `cordova -v`
>>>  * `cordova create`
>>>  * `cordova info`
>>>  * `cordova help`
>>>  * `cordova config ls`
>>>  * `cordova requirements`
>>>  * `cordova telemetry`
>>>  * `cordova plugin`
>>>  * `cordova plugin add`
>>>  * `cordova plugin rm`
>>>  * `cordova platform`
>>>  * `cordova platform add`
>>>  * `cordova platform rm`
>>>  * `cordova build`
>>>  * `cordova prepare`
>>>  * `cordova compile`
>>>  * `cordova run`
>>>  * `cordova serve`
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>>> For additional commands, e-mail: dev-help@cordova.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> For additional commands, e-mail: dev-help@cordova.apache.org
>

Re: [VOTE] cordova-create 4.1.0 Release

Posted by Norman Breau <no...@nbsolutions.ca>.

I vote +1:

* Verified Archive
* Verified Tags
* Ran NPM Audit (see notes)
* Unit tests runs successfully locally

NPM audit reports:

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - 
https://github.com/advisories/GHSA-9c47-m6qq-7p4h

This comes from a sub development dependency of @cordova/eslint-config 
and the issue exists on current production releases. Due to these 
reasons, I don't consider this a blocker for this release and can be 
resolved on our next release.

On 2022-12-28 5:50 a.m., Niklas Merz wrote:
> I vote +1
>
> * signature & hash ok
> * no audit issues
> * tag ok
> * changes look good
> * tests pass locally
>
> On December 26, 2022, Erisu <er...@apache.org> wrote:
>> Please review and vote on this cordova-create release v4.1.0
>> by replying to this email (and keep discussion on the DISCUSS thread)
>>
>> The archive has been published to dist/dev:
>> https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
>>
>> The package was published from its corresponding git tag:
>>   cordova-create: 4.1.0 (d191119db4)
>>
>> Upon a successful vote I will upload the archive to dist/, publish it
>> to npm, and post the blog post.
>>
>> Voting guidelines: https://github.com/apache/cordova-
>> coho/blob/master/docs/release-voting.md
>>
>> Voting will go on for a minimum of 48 hours.
>>
>> ====
>>
>> I vote +1:
>>
>> * Ran coho audit-license-headers over the relevant repos
>> * Ran coho check-license to ensure all dependencies and sub-
>> dependencies have Apache-compatible licenses
>> * Ensured the continuous build was green when repo was tagged
>> * Ran `npm test`
>> * Ran `npm audit`
>>
>>   found 0 vulnerabilities
>>
>> * Ran various `cordova` test w/ sample app:
>>   * `cordova`
>>   * `cordova -v`
>>   * `cordova create`
>>   * `cordova info`
>>   * `cordova help`
>>   * `cordova config ls`
>>   * `cordova requirements`
>>   * `cordova telemetry`
>>   * `cordova plugin`
>>   * `cordova plugin add`
>>   * `cordova plugin rm`
>>   * `cordova platform`
>>   * `cordova platform add`
>>   * `cordova platform rm`
>>   * `cordova build`
>>   * `cordova prepare`
>>   * `cordova compile`
>>   * `cordova run`
>>   * `cordova serve`
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>> For additional commands, e-mail: dev-help@cordova.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org

Re: [VOTE] cordova-create 4.1.0 Release

Posted by Niklas Merz <ni...@apache.org>.

I vote +1

* signature & hash ok
* no audit issues
* tag ok
* changes look good
* tests pass locally

On December 26, 2022, Erisu <er...@apache.org> wrote:
> Please review and vote on this cordova-create release v4.1.0
> by replying to this email (and keep discussion on the DISCUSS thread)
>
> The archive has been published to dist/dev:
> https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
>
> The package was published from its corresponding git tag:
>  cordova-create: 4.1.0 (d191119db4)
>
> Upon a successful vote I will upload the archive to dist/, publish it
> to npm, and post the blog post.
>
> Voting guidelines: https://github.com/apache/cordova-
> coho/blob/master/docs/release-voting.md
>
> Voting will go on for a minimum of 48 hours.
>
> ====
>
> I vote +1:
>
> * Ran coho audit-license-headers over the relevant repos
> * Ran coho check-license to ensure all dependencies and sub-
> dependencies have Apache-compatible licenses
> * Ensured the continuous build was green when repo was tagged
> * Ran `npm test`
> * Ran `npm audit`
>
>  found 0 vulnerabilities
>
> * Ran various `cordova` test w/ sample app:
>  * `cordova`
>  * `cordova -v`
>  * `cordova create`
>  * `cordova info`
>  * `cordova help`
>  * `cordova config ls`
>  * `cordova requirements`
>  * `cordova telemetry`
>  * `cordova plugin`
>  * `cordova plugin add`
>  * `cordova plugin rm`
>  * `cordova platform`
>  * `cordova platform add`
>  * `cordova platform rm`
>  * `cordova build`
>  * `cordova prepare`
>  * `cordova compile`
>  * `cordova run`
>  * `cordova serve`
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> For additional commands, e-mail: dev-help@cordova.apache.org