breautek opened a new pull request #550: URL: https://github.com/apache/cordova-cli/pull/550
<!-- Please make sure the checklist boxes are all checked before submitting the PR. The checklist is intended as a quick reference, for complete details please see our Contributor Guidelines: http://cordova.apache.org/contribute/contribute_guidelines.html Thanks! --> ### Platforms affected ALL ### Motivation and Context <!-- Why is this change required? What problem does it solve? --> <!-- If it fixes an open issue, please link to the issue here. --> Closes #549 ``` # Run npm install [email protected] to resolve 1 vulnerability SEMVER WARNING: Recommended action is a potentially breaking change ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Command Injection │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ systeminformation │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ systeminformation │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ systeminformation │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1628 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ``` ### Description <!-- Describe your changes in detail --> Upgraded `systeminformation` to the latest version (`5.5.0`). This is a major upgrade, but their supported Node engines is >= 4.0.0, so this is still compatible with our supported engines. They have a list of [https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md#breaking-changes](breaking changes), however Cordova only uses `osInfo` which doesn't contain a breaking change. For the reasons above, I believe this upgrade is safe to be included as a patch. ### Testing <!-- Please describe in detail how you tested your changes. --> Manual tests (appears that info command isn't unit tested according to my code editor). Ran `npm test` successfully. ### Checklist - [x] I've run the tests to see all new and existing tests pass - [x] I added automated test coverage as appropriate for this change - [x] Commit is prefixed with `(platform)` if this change only applies to one platform (e.g. `(android)`) - [x] If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct [keyword to close issues using keywords](https://help.github.com/articles/closing-issues-using-keywords/)) - [x] I've updated the documentation if necessary ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
