You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2018/06/20 20:37:41 UTC
[GitHub] brodybits commented on issue #451: CB-14145: update to
cordova-common@2.2.4 to resolve npm audit & other issues in patch release
brodybits commented on issue #451: CB-14145: update to cordova-common@2.2.4 to resolve npm audit & other issues in patch release
URL: https://github.com/apache/cordova-android/pull/451#issuecomment-398888401
> I've cherry-picked all code fix commits from master that I could identify.
Thanks @raphinesse, updated title yet again to reflect what we actually want to do in the patch release.
TBH I have some mixed feelings, though not major. In general I would rather avoid including other fixes when making a security related patch. For a security patch we want the least risk possible that something goes wrong and the "end" user decides to roll back.
I think the actual security risk is very low. In general I would rather keep it this way.
Another really strange thing is that f05e61db07ff7b7acbcadaa6427b7b12eaac8950 seems to have a MacBook-Pro.local address, not linked to any user on GitHub.
What do you think, any comments?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org