The vote has now closed. The results are: Positive Binding Votes: 3
Bryan Ellis Niklas Merz Norman Breau Negative Binding Votes: 0 Other Votes: 0 The vote has passed. > On Jan 2, 2023, at 05:47, Norman Breau <nor...@nbsolutions.ca> wrote: > > I vote +1: > > * Verified Archive > * Verified Tags > * Ran NPM Audit (see notes) > * Unit tests runs locally with 1 error (See notes) > > NPM audit reports: > > json5 <2.2.2 > Severity: high > Prototype Pollution in JSON5 via Parse Method - > https://github.com/advisories/GHSA-9c47-m6qq-7p4h > > This comes from a sub development dependency of @cordova/eslint-config and > the issue exists on current production releases. Due to these reasons, I > don't consider this a blocker for this release and can be resolved on our > next release. > > Regarding "pkgJson platform end-to-end with --save Test#012" failure, I've > investigated this issue and this is something to be addressed, but I do not > believe this issue is a blocker and can be resolved on our next release. In > short, message.split is a jasmine error because we are rejecting with > CordovaError. The underlying error is because we are testing an unrealistic > scenario, probably unintentionally. More details will be in a bug ticket. > > On 2022-12-28 6:15 a.m., Niklas Merz wrote: >> I vote +1 >> >> * signature & hash ok >> * no audit issues >> * license headers ok >> * tag ok >> >> Note: I have one failing test locally -> >> >> 1) pkgJson platform end-to-end with --save Test#012 : platform with >> local path is added correctly with --save >> - Unhandled promise rejection: TypeError: message.split is not a >> function >> at <Jasmine> >> - Error: Timeout - Async function did not complete within 150000ms >> (set by jasmine.DEFAULT_TIMEOUT_INTERVAL) >> at <Jasmine> >> at listOnTimeout (node:internal/timers:559:17) >> at processTimers (node:internal/timers:502:7) >> >> Executed 81 of 81 specs (1 FAILED) in 5 mins 53 secs. >> >> >> On December 26, 2022, Erisu <er...@apache.org> wrote: >>> Please review and vote on this cordova-lib release v11.1.0 >>> by replying to this email (and keep discussion on the DISCUSS thread) >>> >>> The archive has been published to dist/dev: >>> https://dist.apache.org/repos/dist/dev/cordova/lib-11.1.0 >>> >>> The package was published from its corresponding git tag: >>> cordova-lib: 11.1.0 (d2e9c53945) >>> >>> Upon a successful vote I will upload the archive to dist/, publish it >>> to npm, and post the blog post. >>> >>> Voting guidelines: https://github.com/apache/cordova- >>> coho/blob/master/docs/release-voting.md >>> >>> Voting will go on for a minimum of 48 hours. >>> >>> ==== >>> >>> I vote +1: >>> >>> * Ran coho audit-license-headers over the relevant repos >>> * Ran coho check-license to ensure all dependencies and sub- >>> dependencies have Apache-compatible licenses >>> * Ensured the continuous build was green when repo was tagged >>> * Ran `npm test` >>> * Ran `npm audit` >>> >>> found 0 vulnerabilities >>> >>> * Ran various `cordova` test w/ sample app: >>> * `cordova` >>> * `cordova -v` >>> * `cordova create` >>> * `cordova info` >>> * `cordova help` >>> * `cordova config ls` >>> * `cordova requirements` >>> * `cordova telemetry` >>> * `cordova plugin` >>> * `cordova plugin add` >>> * `cordova plugin rm` >>> * `cordova platform` >>> * `cordova platform add` >>> * `cordova platform rm` >>> * `cordova build` >>> * `cordova prepare` >>> * `cordova compile` >>> * `cordova run` >>> * `cordova serve` >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >>> For additional commands, e-mail: dev-h...@cordova.apache.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org >
