Chris Brody created CB-14145:
--------------------------------
Summary: Resolve npm audit issues
Key: CB-14145
URL: https://issues.apache.org/jira/browse/CB-14145
Project: Apache Cordova
Issue Type: Bug
Components: cordova-android, cordova-app-hello-world,
cordova-browser, cordova-cli, cordova-coho, cordova-common, cordova-fetch,
cordova-ios, cordova-js, cordova-lib, cordova-osx, cordova-windows
Reporter: Chris Brody
Assignee: Chris Brody
>From private discussions I discovered that running {{npm audit}} on a number
>of components would report dependencies with security issues. While we could
>not see any {{npm audit}} issues that may affect applications built using
>Cordova I think it is extremely important to resolve these issues as soon as
>possible. Most affect devDependencies used for testing of Cordova itself; a
>minority seem to affect Cordova scripts that may be run by Cordova application
>developers. Better safe than sorry!
I would like to resolve this issue as follows:
* patch release of common library components such as {{cordova-common}},
{{cordova-lib}}, etc. (fixed in minor release branch)
* patch or minor release of other affected components such as CLI, Cordova
platform implementations, major plugins, etc. (expected to be fixed in minor
release branch; do not want to pollute the master branch with extra reverts,
updated node_modules committed, etc.)
* {{npm audit}} issues resolved in master branch for next major release, which
should NOT be shipped with any {{npm audit}} issues lurking
* {{npm audit}} step added to CI for both patch release and next major release
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
