The vote has now closed. The results are: Positive Binding Votes: 3
* Bryan Ellis * Niklas Merz * Ken Naito Negative Binding Votes: 0 The vote has passed. Thanks everyone! On Mon, Aug 3, 2020 at 4:18 PM Ken Naito <k...@monaca.io> wrote: > +1 > > I did > * coho verify-archive OK > * coho verify-tags OK > * The last commit 39102ae86115ea0f93f7b8905e759b4dbd85209b is green. > > > > On 2020/07/31 9:56, Bryan Ellis wrote: > > Please review and vote on this cordova-cli release v10.0.0 > > by replying to this email (and keep discussion on the DISCUSS thread) > > > > The archive has been published to dist/dev: > > https://dist.apache.org/repos/dist/dev/cordova/cli-10.0.0 > > > > The package was published from its corresponding git tag: > > cordova-cli: 10.0.0 (39102ae861) > > > > Upon a successful vote I will upload the archive to dist/, publish it to > npm, and post the blog post. > > > > Voting guidelines: > https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md > > > > Voting will go on for a minimum of 48 hours. > > > > I vote +1: > > > > * Ran coho audit-license-headers over the relevant repos > > * Ran coho check-license to ensure all dependencies and sub-dependencies > have Apache-compatible licenses > > * Ensured the continuous build was green when repo was tagged > > * Ensured the npm audit report was sufficient for release > > * Ran `npm audit` (* See Below Report *) > > * Ran `npm test` > > * Ran various `cordova` test w/ sample app: > > * `cordova` > > * `cordova -v` > > * `cordova create` > > * `cordova info` > > * `cordova help` > > * `cordova config ls` > > * `cordova requirements` > > * `cordova telemetry` > > * `cordova plugin` > > * `cordova plugin add` > > * `cordova plugin rm` > > * `cordova platform` > > * `cordova platform add` > > * `cordova platform rm` > > * `cordova build` > > * `cordova prepare` > > * `cordova compile` > > * `cordova run` > > * `cordova serve` > > > > === NPM Audit Report === > > > > 1 high severity vulnerability detected. > > > > This is coming from the package `dot-prop` which is a dependency of > `insight`. The exact dependency path is `insight > conf > dot-prop` > > > > **Currently there is no solution on Cordova's end.** > > > > The `dot-prop` has been patched but the following path to the dependency > has not updated. > > > > Rebuilding the `package-lock.json` has no effect and the dependency > `insight` is currently at latest release. > > > > The dependency `insight` has an open issue for the follow issue: > https://github.com/yeoman/insight/issues/71 > > > > ======================== > > > > > > > >
