Posted to issues@cordova.apache.org by "Chris Brody (JIRA)" <ji...@apache.org> on 2018/08/13 12:43:00 UTC

[jira] [Updated] (CB-14145) Resolve npm audit issues in platforms - patch updates

     [ https://issues.apache.org/jira/browse/CB-14145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Brody updated CB-14145:
-----------------------------
    Summary: Resolve npm audit issues in platforms - patch updates  (was: Resolve npm audit issues)

> Resolve npm audit issues in platforms - patch updates
> -----------------------------------------------------
>
>                 Key: CB-14145
>                 URL: https://issues.apache.org/jira/browse/CB-14145
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-android, cordova-browser, cordova-coho, cordova-common, cordova-ios, cordova-js, cordova-osx, cordova-windows
>            Reporter: Chris Brody
>            Assignee: Chris Brody
>            Priority: Major
>
> From private discussions I discovered that running {{npm audit}} on a number of components would report dependencies with security issues. While we could not see any {{npm audit}} issues that may affect applications built using Cordova, I think it is extremely important to resolve these issues as soon as possible. Most affect devDependencies used for testing of Cordova itself; a minority seem to affect Cordova scripts that may be run by Cordova application developers. Better safe than sorry!
> I would like to resolve this issue as follows:
> * patch release of common library components such as {{cordova-common}}, {{cordova-lib}}, etc. (fixed in minor release branch)
> * patch or minor release of other affected components such as CLI, Cordova platform implementations, major plugins, etc. (expected to be fixed in minor release branch; do not want to pollute the master branch with extra reverts, updated node_modules committed, etc.)
> * {{npm audit}} issues resolved in master branch for next major release, which should NOT be shipped with any {{npm audit}} issues lurking
> * {{npm audit}} step added to CI for both patch release and next major release


