I vote +1

I checked:

* hash and signature valid
* verified tags
* audit issue seems ok
* tests pass locally
* CI green
* successfully used some commands on an existing app
* creating a new app

July 31, 2020 2:57 AM, "Bryan Ellis" <er...@apache.org> wrote:

> Please review and vote on this cordova-cli release v10.0.0
> by replying to this email (and keep discussion on the DISCUSS thread)
> 
> The archive has been published to dist/dev:
> https://dist.apache.org/repos/dist/dev/cordova/cli-10.0.0
> 
> The package was published from its corresponding git tag:
> cordova-cli: 10.0.0 (39102ae861)
> 
> Upon a successful vote I will upload the archive to dist/, publish it to npm, and post the blog post.
> 
> Voting guidelines: 
> https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md
> 
> Voting will go on for a minimum of 48 hours.
> 
> I vote +1:
> 
> * Ran coho audit-license-headers over the relevant repos
> * Ran coho check-license to ensure all dependencies and sub-dependencies have Apache-compatible licenses
> * Ensured the continuous build was green when repo was tagged
> * Ensured the npm audit report was sufficient for release
> * Ran `npm audit` (* See Below Report *)
> * Ran `npm test`
> * Ran various `cordova` tests w/ sample app:
>   * `cordova`
>   * `cordova -v`
>   * `cordova create`
>   * `cordova info`
>   * `cordova help`
>   * `cordova config ls`
>   * `cordova requirements`
>   * `cordova telemetry`
>   * `cordova plugin`
>   * `cordova plugin add`
>   * `cordova plugin rm`
>   * `cordova platform`
>   * `cordova platform add`
>   * `cordova platform rm`
>   * `cordova build`
>   * `cordova prepare`
>   * `cordova compile`
>   * `cordova run`
>   * `cordova serve`
> 
> === NPM Audit Report ===
> 
> 1 high severity vulnerability detected.
> 
> This is coming from the package `dot-prop` which is a dependency of `insight`. The exact dependency path is `insight > conf > dot-prop`
> 
> **Currently there is no solution on Cordova's end.**
> 
> The `dot-prop` has been patched but the following path to the dependency has not updated.
> 
> Rebuilding the `package-lock.json` has no effect and the dependency `insight` is currently at latest release.
> 
> The dependency `insight` has an open issue for the following issue:
> https://github.com/yeoman/insight/issues/71
> 
> ========================
