+1 Release early, release often 😁
Darryl Pogue <[email protected]> schrieb am Mi., 30. Mai 2018, 09:20: > Hey folks, > > There have been a number of commits[1] to cordova-common since the previous > release, primarily related to bringing outdated dependencies up to date and > tackling a backlog of bugfix pull requests. > > As you may know, npm 6 has been released and includes an audit feature to > warn about packages using dependencies with known security vulnerabilities. > The current release of cordova-common causes a few of these warnings due to > dependencies relying on old versions of things like request and lodash. > The dependency updates that have been merge on master allow cordova-common > to install with 0 vulnerability warnings. > > We're starting to look at some bigger cleanups[2] and dependency updates > that might need to involve a major version bump, so I think now is a good > time to do a release of cordova-common before any of those larger changes > are merged. > > We've been talking about doing a tools release for a while, but I think > starting with a release of just cordova-common is better than nothing. > > Any thoughts or concerns? > > ~Darryl > > [1] https://github.com/apache/cordova-common/compare/2.2.1...master > [2] https://github.com/apache/cordova-common/pull/21 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
