Hey folks, There have been a number of commits[1] to cordova-common since the previous release, primarily related to bringing outdated dependencies up to date and tackling a backlog of bugfix pull requests.
As you may know, npm 6 has been released and includes an audit feature to warn about packages using dependencies with known security vulnerabilities. The current release of cordova-common causes a few of these warnings due to dependencies relying on old versions of things like request and lodash. The dependency updates that have been merge on master allow cordova-common to install with 0 vulnerability warnings. We're starting to look at some bigger cleanups[2] and dependency updates that might need to involve a major version bump, so I think now is a good time to do a release of cordova-common before any of those larger changes are merged. We've been talking about doing a tools release for a while, but I think starting with a release of just cordova-common is better than nothing. Any thoughts or concerns? ~Darryl [1] https://github.com/apache/cordova-common/compare/2.2.1...master [2] https://github.com/apache/cordova-common/pull/21 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
