Please review and vote on this cordova-cli release v10.0.0 by replying to this email (and keep discussion on the DISCUSS thread)
The archive has been published to dist/dev: https://dist.apache.org/repos/dist/dev/cordova/cli-10.0.0 The package was published from its corresponding git tag: cordova-cli: 10.0.0 (39102ae861) Upon a successful vote I will upload the archive to dist/, publish it to npm, and post the blog post. Voting guidelines: https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md Voting will go on for a minimum of 48 hours. I vote +1: * Ran coho audit-license-headers over the relevant repos * Ran coho check-license to ensure all dependencies and sub-dependencies have Apache-compatible licenses * Ensured the continuous build was green when repo was tagged * Ensured the npm audit report was sufficient for release * Ran `npm audit` (* See Below Report *) * Ran `npm test` * Ran various `cordova` test w/ sample app: * `cordova` * `cordova -v` * `cordova create` * `cordova info` * `cordova help` * `cordova config ls` * `cordova requirements` * `cordova telemetry` * `cordova plugin` * `cordova plugin add` * `cordova plugin rm` * `cordova platform` * `cordova platform add` * `cordova platform rm` * `cordova build` * `cordova prepare` * `cordova compile` * `cordova run` * `cordova serve` === NPM Audit Report === 1 high severity vulnerability detected. This is coming from the package `dot-prop` which is a dependency of `insight`. The exact dependency path is `insight > conf > dot-prop` **Currently there is no solution on Cordova's end.** The `dot-prop` has been patched but the following path to the dependency has not updated. Rebuilding the `package-lock.json` has no effect and the dependency `insight` is currently at latest release. The dependency `insight` has an open issue for the follow issue: https://github.com/yeoman/insight/issues/71 ========================
