You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by Bryan Ellis <er...@apache.org> on 2022/12/26 06:47:15 UTC
[VOTE] cordova-create 4.1.0 Release
Please review and vote on this cordova-create release v4.1.0
by replying to this email (and keep discussion on the DISCUSS thread)
The archive has been published to dist/dev:
https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
The package was published from its corresponding git tag:
cordova-create: 4.1.0 (d191119db4)
Upon a successful vote I will upload the archive to dist/, publish it to npm, and post the blog post.
Voting guidelines: https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md
Voting will go on for a minimum of 48 hours.
====
I vote +1:
* Ran coho audit-license-headers over the relevant repos
* Ran coho check-license to ensure all dependencies and sub-dependencies have Apache-compatible licenses
* Ensured the continuous build was green when repo was tagged
* Ran `npm test`
* Ran `npm audit`
found 0 vulnerabilities
* Ran various `cordova` test w/ sample app:
* `cordova`
* `cordova -v`
* `cordova create`
* `cordova info`
* `cordova help`
* `cordova config ls`
* `cordova requirements`
* `cordova telemetry`
* `cordova plugin`
* `cordova plugin add`
* `cordova plugin rm`
* `cordova platform`
* `cordova platform add`
* `cordova platform rm`
* `cordova build`
* `cordova prepare`
* `cordova compile`
* `cordova run`
* `cordova serve`
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org
Re: [VOTE] cordova-create 4.1.0 Release
Posted by Bryan Ellis <er...@apache.org>.
The vote has now closed. The results are:
Positive Binding Votes: 3
Bryan Ellis
Niklas Merz
Norman Breau
Negative Binding Votes: 0
Other Votes: 0
The vote has passed.
> On Jan 2, 2023, at 03:10, Norman Breau <no...@nbsolutions.ca> wrote:
>
> I vote +1:
>
> * Verified Archive
> * Verified Tags
> * Ran NPM Audit (see notes)
> * Unit tests runs successfully locally
>
> NPM audit reports:
>
> json5 <2.2.2
> Severity: high
> Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
>
> This comes from a sub development dependency of @cordova/eslint-config and the issue exists on current production releases. Due to these reasons, I don't consider this a blocker for this release and can be resolved on our next release.
>
> On 2022-12-28 5:50 a.m., Niklas Merz wrote:
>> I vote +1
>>
>> * signature & hash ok
>> * no audit issues
>> * tag ok
>> * changes look good
>> * tests pass locally
>>
>> On December 26, 2022, Erisu <er...@apache.org> wrote:
>>> Please review and vote on this cordova-create release v4.1.0
>>> by replying to this email (and keep discussion on the DISCUSS thread)
>>>
>>> The archive has been published to dist/dev:
>>> https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
>>>
>>> The package was published from its corresponding git tag:
>>> cordova-create: 4.1.0 (d191119db4)
>>>
>>> Upon a successful vote I will upload the archive to dist/, publish it
>>> to npm, and post the blog post.
>>>
>>> Voting guidelines: https://github.com/apache/cordova-
>>> coho/blob/master/docs/release-voting.md
>>>
>>> Voting will go on for a minimum of 48 hours.
>>>
>>> ====
>>>
>>> I vote +1:
>>>
>>> * Ran coho audit-license-headers over the relevant repos
>>> * Ran coho check-license to ensure all dependencies and sub-
>>> dependencies have Apache-compatible licenses
>>> * Ensured the continuous build was green when repo was tagged
>>> * Ran `npm test`
>>> * Ran `npm audit`
>>>
>>> found 0 vulnerabilities
>>>
>>> * Ran various `cordova` test w/ sample app:
>>> * `cordova`
>>> * `cordova -v`
>>> * `cordova create`
>>> * `cordova info`
>>> * `cordova help`
>>> * `cordova config ls`
>>> * `cordova requirements`
>>> * `cordova telemetry`
>>> * `cordova plugin`
>>> * `cordova plugin add`
>>> * `cordova plugin rm`
>>> * `cordova platform`
>>> * `cordova platform add`
>>> * `cordova platform rm`
>>> * `cordova build`
>>> * `cordova prepare`
>>> * `cordova compile`
>>> * `cordova run`
>>> * `cordova serve`
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>>> For additional commands, e-mail: dev-help@cordova.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> For additional commands, e-mail: dev-help@cordova.apache.org
>
Re: [VOTE] cordova-create 4.1.0 Release
Posted by Norman Breau <no...@nbsolutions.ca>.
I vote +1:
* Verified Archive
* Verified Tags
* Ran NPM Audit (see notes)
* Unit tests runs successfully locally
NPM audit reports:
json5 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method -
https://github.com/advisories/GHSA-9c47-m6qq-7p4h
This comes from a sub development dependency of @cordova/eslint-config
and the issue exists on current production releases. Due to these
reasons, I don't consider this a blocker for this release and can be
resolved on our next release.
On 2022-12-28 5:50 a.m., Niklas Merz wrote:
> I vote +1
>
> * signature & hash ok
> * no audit issues
> * tag ok
> * changes look good
> * tests pass locally
>
> On December 26, 2022, Erisu <er...@apache.org> wrote:
>> Please review and vote on this cordova-create release v4.1.0
>> by replying to this email (and keep discussion on the DISCUSS thread)
>>
>> The archive has been published to dist/dev:
>> https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
>>
>> The package was published from its corresponding git tag:
>> cordova-create: 4.1.0 (d191119db4)
>>
>> Upon a successful vote I will upload the archive to dist/, publish it
>> to npm, and post the blog post.
>>
>> Voting guidelines: https://github.com/apache/cordova-
>> coho/blob/master/docs/release-voting.md
>>
>> Voting will go on for a minimum of 48 hours.
>>
>> ====
>>
>> I vote +1:
>>
>> * Ran coho audit-license-headers over the relevant repos
>> * Ran coho check-license to ensure all dependencies and sub-
>> dependencies have Apache-compatible licenses
>> * Ensured the continuous build was green when repo was tagged
>> * Ran `npm test`
>> * Ran `npm audit`
>>
>> found 0 vulnerabilities
>>
>> * Ran various `cordova` test w/ sample app:
>> * `cordova`
>> * `cordova -v`
>> * `cordova create`
>> * `cordova info`
>> * `cordova help`
>> * `cordova config ls`
>> * `cordova requirements`
>> * `cordova telemetry`
>> * `cordova plugin`
>> * `cordova plugin add`
>> * `cordova plugin rm`
>> * `cordova platform`
>> * `cordova platform add`
>> * `cordova platform rm`
>> * `cordova build`
>> * `cordova prepare`
>> * `cordova compile`
>> * `cordova run`
>> * `cordova serve`
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>> For additional commands, e-mail: dev-help@cordova.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org
Re: [VOTE] cordova-create 4.1.0 Release
Posted by Niklas Merz <ni...@apache.org>.
I vote +1
* signature & hash ok
* no audit issues
* tag ok
* changes look good
* tests pass locally
On December 26, 2022, Erisu <er...@apache.org> wrote:
> Please review and vote on this cordova-create release v4.1.0
> by replying to this email (and keep discussion on the DISCUSS thread)
>
> The archive has been published to dist/dev:
> https://dist.apache.org/repos/dist/dev/cordova/create-4.1.0
>
> The package was published from its corresponding git tag:
> cordova-create: 4.1.0 (d191119db4)
>
> Upon a successful vote I will upload the archive to dist/, publish it
> to npm, and post the blog post.
>
> Voting guidelines: https://github.com/apache/cordova-
> coho/blob/master/docs/release-voting.md
>
> Voting will go on for a minimum of 48 hours.
>
> ====
>
> I vote +1:
>
> * Ran coho audit-license-headers over the relevant repos
> * Ran coho check-license to ensure all dependencies and sub-
> dependencies have Apache-compatible licenses
> * Ensured the continuous build was green when repo was tagged
> * Ran `npm test`
> * Ran `npm audit`
>
> found 0 vulnerabilities
>
> * Ran various `cordova` test w/ sample app:
> * `cordova`
> * `cordova -v`
> * `cordova create`
> * `cordova info`
> * `cordova help`
> * `cordova config ls`
> * `cordova requirements`
> * `cordova telemetry`
> * `cordova plugin`
> * `cordova plugin add`
> * `cordova plugin rm`
> * `cordova platform`
> * `cordova platform add`
> * `cordova platform rm`
> * `cordova build`
> * `cordova prepare`
> * `cordova compile`
> * `cordova run`
> * `cordova serve`
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> For additional commands, e-mail: dev-help@cordova.apache.org