[ https://issues.apache.org/jira/browse/CB-14145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16537832#comment-16537832 ]
ASF subversion and git services commented on CB-14145: ------------------------------------------------------ Commit 80e3a5130d70c5ad88850468389e89e2ed275c63 in cordova-node-xcode's branch refs/heads/master from Christopher J. Brody [ https://gitbox.apache.org/repos/asf?p=cordova-node-xcode.git;h=80e3a51 ] CB-14145 explicit nodeunit@^0.11.3 update > Resolve npm audit issues > ------------------------ > > Key: CB-14145 > URL: https://issues.apache.org/jira/browse/CB-14145 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-android, cordova-app-hello-world, > cordova-browser, cordova-cli, cordova-coho, cordova-common, cordova-ios, > cordova-js, cordova-lib, cordova-osx, cordova-plugman, cordova-windows > Reporter: Chris Brody > Assignee: Chris Brody > Priority: Major > > From private discussions I discovered that running {{npm audit}} on a number > of components would report dependencies with security issues. While we could > not see any {{npm audit}} issues that may affect applications built using > Cordova I think it is extremely important to resolve these issues as soon as > possible. Most affect devDependencies used for testing of Cordova itself; a > minority seem to affect Cordova scripts that may be run by Cordova > application developers. Better safe than sorry! > I would like to resolve this issue as follows: > * patch release of common library components such as {{cordova-common}}, > {{cordova-lib}}, etc. (fixed in minor release branch) > * patch or minor release of other affected components such as CLI, Cordova > platform implementations, major plugins, etc. (expected to be fixed in minor > release branch; do not want to pollute the master branch with extra reverts, > updated node_modules committed, etc.) > * {{npm audit}} issues resolved in master branch for next major release, > which should NOT be shipped with any {{npm audit}} issues lurking > * {{npm audit}} step added to CI for both patch release and next major release -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org