ContextQMD
Back to Cordova

2022 11 26

slack-digest/2022-11-26.md

latest1.1 KB
Original Source

Cordova Slack Digest

Sat, 26 Nov 2022 08:21:18 GMT

User count: 4721

Join the conversation at slack.cordova.io

Channel #cordova-android (4 messages)

Fri, 25 Nov 2022 10:14:14 GMT

@info460 says

Thank you

Fri, 25 Nov 2022 17:35:37 GMT

@info460 says

Should I do full update even by using fix --force ? ( Sorry I am quite new to tooling and don't want to break stuff)

Fri, 25 Nov 2022 20:44:01 GMT

@norman137 says

using fix --force will cause it to use alternate versions of the dependency packages (even crossing major versions which often signal breaking changes) to solve audit issues.

Cordova uses a package called update-notifier which contains dependencies on older versions of some dependencies that are part of that moderate vulnerability list. The fixed packages are packages updated with ESM style imports which isn't compatible with CommonJS (CommonJS being large majority of Node packages). It will break Cordova.

Fri, 25 Nov 2022 21:52:42 GMT

@info460 says

Thanks for explanation