Hi Gandhi,

There is an issue with this repo in that cordova-js uses a jasmine-node
version that depends on a non-secure version of growl.  This is not a
trivial fix as moving to the recommended jasmine-node@2.0.1 is a breaking
change.
I am not completely of the mind that updating is the right approach here,
as I think in many ways the cordova-js project is outdated, and the whole
process of generating platform specific cordova.js files needs to be
rethought.

Personally, this does not block me ... I do the following:
⚡ npm i
audited 684 packages in 2.085s
found 1 critical severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

⚡ npx grunt
... succeeds

⚡ npx grunt compile:windows
Running "compile:windows" (compile) task
generated cordova.windows.js @ 243e7aac8cee0108927df0253118e36857ab9fc7 in
5ms
Done.

The typical way a platform is released is to use cordova-coho.
ex. `coho prepare-platform-release-branch -r cordova-android --version
9.9.9`
This takes care of all the tagging, building/copying of cordova.js to the
correct platform folder.

About the mobile-spec workflow, I have not done this in a long time; this
was more important when we were breaking things a lot.  One expectation of
the tooling that may not be explicitly listed is that all repos are
expected to be cloned as peers.  cordova-coho has commands that can help
manage the multitude of repos for you.

Not sure if this helps you move forward, I am happy to dig into this more
with you.

Cheers,
  Jesse

@purplecabbage
risingj.com


On Tue, Oct 23, 2018 at 10:22 PM gandhi rajan <gandhiraja...@gmail.com>
wrote:

> Hi All,
>
> I was trying to understand the release process for Cordova platforms as
> mentioned in the following link -
>
> https://github.com/apache/cordova-coho/blob/master/docs/platforms-release-process.md
> .
>
> While following the steps mentioned to test plugins with
> cordova-mobile-spec project, I got an error stating cordova-js module is
> not installed. When I tried to install cordova-js, the installation fails
> stating one critical severity vulnerability. On running npm audit on
> cordova-js, it states that the critical vulnerability is related to growl
> version.
>
> Can someone let me know whether I'm missing some steps which is causing
> this issue or it's a vulnerability that needs to be fixed as I'm not able
> to proceed with cordova-js module installation?
>
> Any help is really appreciated. Thanks in advance.
>
>
> --
> Regards,
> Gandhi
>
> "The best way to find urself is to lose urself in the service of others
> !!!"
>
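
Added example, not part of the original e-mails and not Cordova project code: a small Node.js script that traces which packages pull a flagged module such as growl into a lockfile and whether every link in that chain is development-only, which is the question behind the audit finding discussed above. It assumes npm's flat lockfileVersion 1 layout (nested `dependencies` are not walked); the lockfile is constructed sample data and the `sample-*` names and all version strings are placeholders.

```javascript
// Constructed sample in npm's lockfileVersion 1 layout. Package names
// jasmine-node and growl come from the thread; the other names and every
// version string are placeholders.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "jasmine-node": { version: "0.0.0-sample", dev: true,
      requires: { growl: "*", "sample-util": "*" } },
    growl: { version: "0.0.0-sample", dev: true },
    "sample-util": { version: "0.0.0-sample", dev: true },
    "sample-dev-tool": { version: "0.0.0-sample", dev: true,
      requires: { "sample-util": "*" } },
    "sample-runtime-lib": { version: "0.0.0-sample" }
  }
};

// Map each package name to the entries that list it under "requires".
function reverseRequires(lock) {
  const parents = new Map();
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    for (const child of Object.keys(entry.requires || {})) {
      if (!parents.has(child)) parents.set(child, []);
      parents.get(child).push(name);
    }
  }
  return parents;
}

// Every chain from a package that nothing else requires down to `target`.
function chainsTo(lock, target) {
  const parents = reverseRequires(lock);
  const chains = [];
  const walk = (name, path) => {
    if (path.includes(name)) return; // guard against requires cycles
    const next = [name, ...path];
    const ups = parents.get(name) || [];
    if (ups.length === 0) { chains.push(next); return; }
    ups.forEach((p) => walk(p, next));
  };
  if (lock.dependencies && lock.dependencies[target]) walk(target, []);
  return chains;
}

// True when the target is present and every entry on every chain has dev: true.
function devOnly(lock, target) {
  const chains = chainsTo(lock, target);
  return chains.length > 0 &&
    chains.every((c) => c.every((n) => lock.dependencies[n].dev === true));
}
```

A `true` result from `devOnly` means the flagged module is installed only for development tooling such as tests and is not a runtime dependency of the package.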
