The rationale behind releasing with the `request` vulnerabilities:
We are looking for ways to drop/replace the insight package, which is the package that is importing `request`. Insight collects anonymous telemetry data and thus we believe in good faith that the impact on Cordova
is low and not severe enough to block a release. On 2023-05-16 12:00 a.m., Bryan Ellis wrote:
Does anyone have any reason to delay a release for cordova-cli? * cordova-cli (12.0.0) https://github.com/apache/cordova-cli/compare/rel/11.1.0...master Any additional outstanding changes to land? If not, I will start the release process shortly --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
