Best way to update an ionic app + cordova?

1

The google play developer console gives me warning like this:

“This app is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability.”

cordova -v
3.4.1-0.1.0

My guess would be I should update to the latest version of cordova:

npm update -g cordova

Will that be enough or should I manually update cordova plugins or my app as well? I’m also wondering what version of cordova we should install, is it 3.6 or can we use 4.0 safely with ionic?

Thanks for helping out. This is my first ionic/cordova app in the app store so I’m still figuring out the best way to do things.

2

Hi @jorre,

With your project as your current directory run the following:

cordova platform check

That command will tell you the platforms that can receive updates. Then run the following command:

cordova platform update android

Android can be replaced with iOS if you’re trying to update iOS.

Platform versions are a little different than CLI versions. I think Android is only on 3.6.3 while the CLI is on 4.0. Doesn’t really matter.

Regards,

3

Thanks for helping out! The cordova platform check doesn’t yield any useful results.

I’ve managed to update the android platform like you described, but I’m unable to do the same for ios.

cordova platforms
Installed platforms: android 3.6.4, ios 3.4.1

cordova platform update ios
Error: No compatible version found: cordova-ios@'>=8458588.0.0-0 <8458589.0.0-0'
Valid install targets:
["3.5.0","3.6.0","3.6.1","3.6.3"]

I’m running cordova CLI 4.0 if that helps?

4

Hi @jorre,

Android, iOS, and the CLI run off different version numbers. Just be cause an update is available for one, doesn’t mean there is an update available for all.

It makes sense that iOS does not have an update available.

Glad you got it working for Android :smile:

Regards,

5

Are you sure? From what I read here, 3.6.0 is the latest version of cordova-ios? I’m running 3.4.1 and am unable to install the update: https://github.com/apache/cordova-ios/blob/master/RELEASENOTES.md

6

That is weird. All documentation on the internet says it should have worked.

What happens if you do this:

cordova platform update ios@3.7.0

Per the Git repository, it says 3.7.0 was just released.

7

Hi @nicraboy , that gives me the following output:

cordova platform update ios@3.7.0
Platform "ios@3.7.0" is not installed. See `cordova platform list`.

running cordova platform list yields:

Installed platforms: android 3.4.0, ios 3.4.1
Available platforms: amazon-fireos, blackberry10, browser, firefoxos
8

What I did was remove the ios platform completely and reinstall it. That way I can install 3.7.0

Thanks for helping out !

9

I got the warning in Google Play as well.

Running cordova platform check gave this:
android @ 3.5.0 could be updated to: 3.6.3
ios @ 3.5.0 could be updated to: 3.6.3

Then I ran these two:
cordova platform update android
cordova platform update ios

Worked like a charm for me.