CB-14145 resolve npm audit issues in patch fix #50
* CB-3785: enable EventListener interface support
* CB-3785: Channel.prototype.subscribe to support EventListener interface
* CB-9967 deleted legacy platform specific files from cordova-js
* CB-11522 [windows] Make cordova-js handle 'unknown' type
* CB-11522 Make utils.clone handle properties gracefully
from cordova-js@4.2.2
update from cordova-js@4.2.4
- coffee-script - nodeunit - uncrustify and move tmp to end of the list
Co-authored-by: Audrey So <audreyso@apache.org>
Co-authored-by: Christopher J. Brody <chris.brody@gmail.com>
in devDependencies to resolve some npm audit warnings
resolves some npm audit warnings with changes by @brodybits (Christopher J. Brody):
- .eslintrc.yml turn off more eslint rules in 4.0.x patch release
- package.json skip eslint on tests (disabled in .eslintignore)

Co-authored-by: Audrey So <audreyso@apache.org>
Co-authored-by: Christopher J. Brody <chris.brody@gmail.com>
with some eslint rules turned off
Outdated Cordova dependencies not included:
- cordova-common
- xcode (from apache/cordova-node-xcode)

remove:
- /node_modules

add:
- node_modules/.bin
- package-lock.json
- tests/cdv-test-project/node_modules/*
- tests/cdv-test-project/package.json
- lodash-node - lodash - os-homedir - os-tmpdir - osenv
All sounds good to me. The changed file list was so large I was not able to see it all, but it seems a large amount of this is just node_modules updates. Any chance we can stop bundling to clean some of this up?
Bundling is done to support Node.js 4, which we know is deprecated but cannot be dropped in a patch release. Hope we can remove the bundled node_modules from master in the near future for a major release. For this kind of a change I would generally suggest checking each of the individual commits. Thanks @purplecabbage!
I would like to make one more update to include xcode@1.0.1 with [dev] audit fixes in apache/cordova-node-xcode#10. Apologies for any possible confusion.
We will remove the bundled node_modules in the next major version, but we can't do that in a patch release because it breaks compatibility with older versions of the cordova tooling.
- cordova-common@2.2.5 - xcode@0.9.3 (same as cordova-ios@4.5.5)
in dependencies (explicitly used by some scripts in bin/templates/scripts/cordova/lib)
installed by using the following command with npm@6.2.0: npm i --only=production with the following artifacts ignored: node_modules/.bin/* package-lock.json
(needed to support the deprecated Node.js 4 version)
Needed to clear the red highlights in npm outdated --depth=0
Merged with a couple more updates:
Also checked that See updated description for more details.
Platforms affected
mac OS ("osx")
What does this PR do?
xcode@1.0.0 xcode@0.9.3 (same as cordova-ios)
node_modules/.bin ) using the following command on npm@6.1.0: npm install --only=production
: CordovaLib/cordova.js from cordova-js versions 4.2.0, 4.2.2, and 4.2.4
bundledDependencies to support deprecated Node.js 4 in this patch fix
devDependencies : coffee-script, nodeunit, uncrustify ([WIP] Major release TODO WIP #49)
(with some eslint rules turned off in tests/spec for now) and resolve eslint issues in tests/spec ([WIP] Major release TODO WIP #49)
What testing has been done on this change?
- npm audit with npm@6.1.0 npm@6.2.0 (latest release) shows 0 vulnerabilities
- npm outdated shows no red entries
- npm test succeeds locally
- cordova platform add brodybits/cordova-osx#cb-14145-patch to new Cordova project and then cordova run osx succeeds on deprecated Node.js 4 (npm@2.15.11) and Node.js 8 (npm@5.6.0)
- cordova platform add brodybits/cordova-osx#cb-14145-patch to new Cordova project and then run from Xcode succeeds on deprecated Node.js 4 (npm@2.15.11)
- cordova platform add brodybits/cordova-osx#cb-14145-patch to new Cordova project and then cordova build osx succeeds on deprecated Node.js 4 (npm@2.15.11)
- TODO: check that Travis CI which includes npm test task passes (skipping this step since other changes would be needed for this project to pass its tests on Travis CI)
Checklist
Added automated test coverage as appropriate for this change.