-
Notifications
You must be signed in to change notification settings - Fork 984
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CB-14145 resolve npm audit issues in 4.5.x patch fix #379
Conversation
update from cordova-js@4.2.4
- add Node.js 8 & 10 - show npm version - latest releases of Node.js 4 & 6 - minor cleanup
Codecov Report
@@ Coverage Diff @@
## 4.5.x #379 +/- ##
=======================================
Coverage 63.45% 63.45%
=======================================
Files 14 14
Lines 1691 1691
Branches 284 284
=======================================
Hits 1073 1073
Misses 618 618 Continue to review full report at Codecov.
|
Marked as WIP since I would like to include xcode@1.0.1 once it is ready with changes fro apache/cordova-node-xcode#10 to resolve [dev] audit issues there. P.S. My apologies for any possible confusion this may cause. |
- add Node.js versions 8 & 10 - do normal npm install (workaround for uncrustify no longer needed)
- coffee-script - uncrustify
according to versions in node_modules
updates to resolve npm audit issues: - cordova-common@2.2.5 - ios-sim@6.1.3 - plist@2.1.0
items not needed (4.5.x): - node_modules/.bin (all contents) - node_modules/pegjs - package-lock.json
as installed by the following command on npm@6.1.0: npm i --only=production (needed to support deprecated Node.js 4 version)
(indirect production dependencies needed by deprecated Node.js 4.x)
Merged with a few additional changes:
Thanks @shazron for the review. |
Platforms affected
iOS
What does this PR do?
npm audit
issues in this patch fix:node_modules
(ignoringnode_modules/.bin
) using the following command on npm@6.1.0:npm install --only=production
cordova.js
from cordova-js@4.2.4 with the following changes (using local coho with Improve patch release support cordova-coho#176 for patch release support):bundledDependencies
to support deprecated Node.js 4 in this patch fix.travis.yml
to test on latest version of Node.js 4 (deprecated), 6, 8, and 10 (with other minor cleanup fixes).gitignore
updates in this patch fixappveyor.yml
to cover Node.js 8 & 10 and do normalnpm install
now that workaround foruncrustify
is no longer neededWhat testing has been done on this change?
npm run unit-tests
passes on full npm install on Node.js versions 4 (deprecated), 6, 8, and 10npm audit
with npm@6.1.0 (latest version) shows 0 vulnerabilitiescordova platform add brodybits/cordova-ios#cb-14145-patch
to add platform to new Cordova project and test on iOS simulator usingcordova run ios
succeeds on the following Node.js versions:CI testing:
npm test
and other tests pass on Travis CIunit-tests
, etc. pass on AppVeyor CIChecklist
Added automated test coverage as appropriate for this change.