cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-14145) Resolve npm audit issues
Date Wed, 04 Jul 2018 12:01:00 GMT

    [ https://issues.apache.org/jira/browse/CB-14145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16532655#comment-16532655
] 

ASF GitHub Bot commented on CB-14145:
-------------------------------------

codecov-io edited a comment on issue #451: CB-14145: update to cordova-common@2.2.4 to resolve
npm audit & other issues in patch release
URL: https://github.com/apache/cordova-android/pull/451#issuecomment-397028390
 
 
   # [Codecov](https://codecov.io/gh/apache/cordova-android/pull/451?src=pr&el=h1) Report
   > Merging [#451](https://codecov.io/gh/apache/cordova-android/pull/451?src=pr&el=desc)
into [7.1.x](https://codecov.io/gh/apache/cordova-android/commit/0bd3309323612bc9d4e8bac474bbb185ab93e1a0?src=pr&el=desc)
will **not change** coverage.
   > The diff coverage is `n/a`.
   
   [![Impacted file tree graph](https://codecov.io/gh/apache/cordova-android/pull/451/graphs/tree.svg?width=650&height=150&src=pr&token=q14nMf6C5a)](https://codecov.io/gh/apache/cordova-android/pull/451?src=pr&el=tree)
   
   ```diff
   @@           Coverage Diff           @@
   ##            7.1.x     #451   +/-   ##
   =======================================
     Coverage   43.95%   43.95%           
   =======================================
     Files          17       17           
     Lines        1711     1711           
     Branches      318      318           
   =======================================
     Hits          752      752           
     Misses        959      959
   ```
   
   
   
   ------
   
   [Continue to review full report at Codecov](https://codecov.io/gh/apache/cordova-android/pull/451?src=pr&el=continue).
   > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)
   > `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   > Powered by [Codecov](https://codecov.io/gh/apache/cordova-android/pull/451?src=pr&el=footer).
Last update [0bd3309...475cca6](https://codecov.io/gh/apache/cordova-android/pull/451?src=pr&el=lastupdated).
Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Resolve npm audit issues
> ------------------------
>
>                 Key: CB-14145
>                 URL: https://issues.apache.org/jira/browse/CB-14145
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-android, cordova-app-hello-world, cordova-browser, cordova-cli,
cordova-coho, cordova-common, cordova-ios, cordova-js, cordova-lib, cordova-osx, cordova-plugman,
cordova-windows
>            Reporter: Chris Brody
>            Assignee: Chris Brody
>            Priority: Major
>
> From private discussions I discovered that running {{npm audit}} on a number of components
would report dependencies with security issues. While we could not see any {{npm audit}} issues
that may affect applications built using Cordova I think it is extremely important to resolve
these issues as soon as possible. Most affect devDependencies used for testing of Cordova
itself; a minority seem to affect Cordova scripts that may be run by Cordova application developers.
Better safe than sorry!
> I would like to resolve this issue as follows:
> * patch release of common library components such as {{cordova-common}}, {{cordova-lib}},
etc. (fixed in minor release branch)
> * patch or minor release of other affected components such as CLI, Cordova platform implementations,
major plugins, etc. (expected to be fixed in minor release branch; do not want to pollute
the master branch with extra reverts, updated node_modules committed, etc.)
> * {{npm audit}} issues resolved in master branch for next major release, which should
NOT be shipped with any {{npm audit}} issues lurking
> * {{npm audit}} step added to CI for both patch release and next major release



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message