Your message dated Tue, 04 Apr 2023 21:26:49 +0000
with message-id <[email protected]>
and subject line unblock node-sinon
has caused the Debian Bug report #1033927,
regarding unblock: node-sinon/14.0.2+ds+~cs74.13.25-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1033927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033927
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:node-sinon
Please unblock package node-sinon
[ Reason ]
node-sinon is a package used during JS tests. In Debian JS Team we
choose to launch autopkgtest with `--disable-proto=throw` to ensure
that JS packages don't used this old way to access to prototype for
security reasons.
This change started in September 2022 (pkg-js-autopkgtest 0.15.x).
node-sinon currently parses all object properties without avoid
__proto__. This breaks (at least) node-nock autopkgtest.
[ Impact ]
No change, the patch just avoid parsing __proto__
[ Tests ]
No change in test, still pass (autopkgtest + build). This fixed also
node-nock test.
[ Risks ]
No risk here, patch is trivial
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
This debdiff adds also some tips from lintian-brush (lintian tags and
metadata update)
Cheers,
Yadd
unblock node-sinon/14.0.2+ds+~cs74.13.25-2
diff --git a/debian/changelog b/debian/changelog
index aaace48..111c526 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+node-sinon (14.0.2+ds+~cs74.13.25-2) unstable; urgency=medium
+
+ * Team upload
+ * Update lintian override info format in d/source/lintian-overrides
+ on line 2-3
+ * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse
+ * Update standards version to 4.6.2, no changes needed
+ * Drop calls to __proto__ (Closes: #1033818)
+
+ -- Yadd <[email protected]> Mon, 03 Apr 2023 07:26:51 +0400
+
node-sinon (14.0.2+ds+~cs74.13.25-1) unstable; urgency=medium
* Team upload
diff --git a/debian/control b/debian/control
index 1a73a29..c60cd62 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Build-Depends:
, node-supports-color
, node-type-detect
, node-util <!nocheck>
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
Vcs-Browser: https://salsa.debian.org/js-team/node-sinon
Vcs-Git: https://salsa.debian.org/js-team/node-sinon.git
Homepage: https://sinonjs.org/
diff --git a/debian/patches/dont-try-to-access-to-__proto__.patch
b/debian/patches/dont-try-to-access-to-__proto__.patch
new file mode 100644
index 0000000..5973750
--- /dev/null
+++ b/debian/patches/dont-try-to-access-to-__proto__.patch
@@ -0,0 +1,16 @@
+Description: don't try to access to __proto__
+Author: Yadd <[email protected]>
+Forwarded: no
+Last-Update: 2023-04-03
+
+--- a/lib/sinon/util/core/walk.js
++++ b/lib/sinon/util/core/walk.js
+@@ -17,7 +17,7 @@
+ }
+
+ forEach(Object.getOwnPropertyNames(obj), function (k) {
+- if (seen[k] !== true) {
++ if (k !== '__proto__' && seen[k] !== true) {
+ seen[k] = true;
+ var target =
+ typeof Object.getOwnPropertyDescriptor(obj, k).get ===
diff --git a/debian/patches/series b/debian/patches/series
index ffb3e1f..b2b7689 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ fix-sinonjsreferee-sinon-test.diff
reproducible.patch
fix-for-path-to-regexp-6.patch
drop-unstable-test.patch
+dont-try-to-access-to-__proto__.patch
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index 3f4d9d6..05b110e 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1,6 +1,6 @@
# False positive: data
-source-is-missing *sinonjstext-encoding/lib/encoding-indexes.js*
-source-contains-prebuilt-javascript-object
*sinonjstext-encoding/lib/encoding-indexes.js*
+source-is-missing [*sinonjstext-encoding/lib/encoding-indexes.js*]
+source-contains-prebuilt-javascript-object
[*sinonjstext-encoding/lib/encoding-indexes.js*]
very-long-line-length-in-source-file *sinonjsfake-timers/LICENSE*
very-long-line-length-in-source-file
*sinonjstext-encoding/lib/encoding-indexes.js*
very-long-line-length-in-source-file *.md*
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
index 6d85d64..c5adee0 100644
--- a/debian/upstream/metadata
+++ b/debian/upstream/metadata
@@ -1,6 +1,6 @@
---
Archive: GitHub
-Bug-Database: https://github.com/cjohansen/Sinon.JS/issues
-Bug-Submit: https://github.com/cjohansen/Sinon.JS/issues/new
+Bug-Database: https://github.com/sinonjs/sinon/issues
+Bug-Submit: https://github.com/sinonjs/sinon/issues/new
Repository: https://github.com/cjohansen/Sinon.JS.git
-Repository-Browse: https://github.com/cjohansen/Sinon.JS
+Repository-Browse: https://github.com/sinonjs/sinon
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
