Package: devscripts
Version: 2.19.6
Severity: normal
When using component, if no change is done on a component, uscan
symlinks it without taking care of compression used. Repack should be
forced in compression differs.
Package: jsbeautifier
Version: 1.6.4-7
Severity: normal
Hi all,
both jsbeautifier and node-js-beautify come from the same upstream
source, the first provides js-beautify and the second html-beautify and
css-beautify. This crasy situation should be solved by an "alternative" to
provides the 3
Package: pkg-js-tools
Version: 0.8.10
Severity: normal
To be fixed in 0.8.11
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
(please explain about the transition: impacted packages, reason, ...
for more info see: https://wiki.debian.org/Teams/ReleaseTeam/Transitions)
Hi all,
pkg-js-tools provides a
Package: node-yallist
Version: 3.0.3-1
Severity: important
node-yallist does not install iterator.js which make it partially
unusable. Please fix install.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable')
Architecture:
Package: pkg-js-tools
Version: 0.8.1
Severity: wishlist
After component automatic install, I'd like to propose a default
installer when debian/install is missing.
Other languages have tools to install automatically libraries in the
good place. Sadly we don't have any tool for this. That's why
Package: pkg-js-tools
Version: 0.8.1
Severity: wishlist
When using components in node modules, the best way to use them is to
install them in node_modules/ directory. However, dpkg-source install
them at the top source directory under a directory named by "component"
field value (debian/watch).
Package: release.debian.org
Severity: normal
Hi all,
For the next release, we (pkg-js team) would like to update rollup. Like
many compilers, it build-depends on itself. Current version in Buster is
0.50.0, The last published upstream is 1.17.0.
We would also like to provide a Buster-backports
index 17cb287..74f9154 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-mixin-deep (1.1.3-3+deb10u1) buster; urgency=medium
+
+ * Fix prototype pollution (Closes: #932500, CVE-2019-10746)
+
+ -- Xavier Guimard Sat, 20 Jul 2019 17:41:17 +0200
+
node-mixin-deep (1.1.3-3
Package: ftp.debian.org
Severity: normal
node-husl is no more maintained upstream [1]: it has been replaced by
hsluv.
This package has no reverse dependencies, I think it can safely be
removed form Debian archive.
Cheers,
Xavier
[1]: https://www.npmjs.com/package/husl
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: psl.js
Version : 1.2.0
Upstream Author : Lupo Montero
* URL : https://github.com/lupomontero/psl
* License : Expat
Programming Lang: JavaScript
Description : JavaScript domain name
Source: node-husl
Severity: important
Tags: security
Hi all,
husl module is replaced by hsluv, so node-husl is no more upstream
maintained [1].
This module seems unused anywhere in dependencies so perhaps can we simply
remove it from unstable/testing.
If noone disagrees, I plan to launch a
Package: node-request-promise
Version: 4.2.4-1
Severity: important
Both autopkgtest tests fail with the following message:
8<
autopkgtest [16:10:50]: test require: [---
###
### The "request" library is not installed automatically anymore.
### But is a
Package: node-duplexer3
Version: 0.1.4-4
Severity: grave
node-duplexer3 provides node-duplexer2: /usr/lib/nodejs/duplexer2 is a
symblik to /usr/lib/nodejs/duplexer3. Nodejs now looks at package.json
"name" field and refuse to load it:
$ node -e 'require("duplexer2")'
Package: pkg-js-autopkgtest
Version: 0.5
Severity: important
nodejs packages can install files in /usr/share/nodejs or
/usr/lib/<$DEB_HOST_MULTIARCH>/nodejs while pkg-js-autopkgtest links
only files from /usr/lib/nodejs. This has to be updated
Package: node-json3
Severity: normal
Tags: security upstream
According to https://github.com/bestiejs/json3, node-json3 is no more
maintained and easy to replace by native JSON.parse/JSON.stringify
functions.
A ROM-RM issue is opened (#931653). This one will avoid testing
migration.
Package: ftp.debian.org
Severity: normal
Hi all,
node-json3 is no more maintained according to
https://github.com/bestiejs/json3
This package has no reverse dependencies, so it can safely be removed
from Debian archive.
Cheers,
Xavier
ex 000..54f0167
--- /dev/null
+++ b/debian/patches/missing-operator.patch
@@ -0,0 +1,18 @@
+Description: Add missing ES6 "=>" operator
+Author: Xavier Guimard
+Bug: https://rt.cpan.org/Ticket/Display.html?id=129976
+Bug-Debian: https://bugs.debian.org/931379
+Forwarded: https://rt
Package: liblemonldap-ng-portal-perl
Version: 1.9.7-3
Severity: normal
Tags: security upstream
Notification server (not enabled by default) allows authorized
administrators to push XML files to notify a message to a user. Due to
#838097, XML::LibXML expands external entities by default. Then an
) stretch; urgency=medium
+
+ * Sanitize input before passing it to exec. This embeds shell-escape little
+module (Closes: #900868, CVE-2017-16042)
+
+ -- Xavier Guimard Fri, 07 Jun 2019 12:14:09 +0200
+
node-growl (1.7.0-1) unstable; urgency=low
* Initial release (closes: #704930).
diff --git
dependency on cyrus-murder (Closes: #872238)
+
+ [ Xavier Guimard ]
+ * Add patch to fix arbitrary code execution via CalDAV
+(Closes: CVE-2019-11356)
+
+ -- Xavier Guimard Fri, 07 Jun 2019 06:41:23 +0200
+
cyrus-imapd (3.0.8-5) unstable; urgency=medium
[ Xavier Guimard ]
diff -Nru cyrus
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package node-unicode-property-value-aliases
Hi all,
due to unicode changes, node-unicode-property-value-aliases should be
updated in Buster or at least rebuilt using
in 1.9.7-3+deb9u1
+
+ -- Xavier Guimard Mon, 27 May 2019 10:35:48 +0200
+
lemonldap-ng (1.9.7-3+deb9u1) stretch-security; urgency=medium
* Add patch to fix token security (Closes: #928944, CVE-2019-12046)
diff --git a/debian/patches/CDA-regression.patch
b/debian/patches/CDA-regression.patch
(Closes: #929447)
+
+ -- Xavier Guimard Thu, 23 May 2019 20:28:45 +0200
+
node-regenerate-unicode-properties (7.0.0+ds-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/control b/debian/control
index 22119fe..ace86b4 100644
--- a/debian/control
+++ b/debian/control
..d60dcee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+acorn (5.5.3+ds3-3) unstable; urgency=medium
+
+ * Teamp upload
+ * Change unicode dependency to 12 (Closes: #929426)
+
+ -- Xavier Guimard Thu, 23 May 2019 19:49:18 +0200
+
acorn (5.5.3+ds3-2) unstable; urgency
(3.0.8-5) unstable; urgency=medium
+
+ [ Xavier Guimard ]
+ * Add upstream/metadata
+
+ [ Anthony Prades ]
+ * sieve segfault (Closes: #927142)
+
+ [ Xavier Guimard ]
+ * Fix Standards-Version to 4.3.0
+ * Add patch headers
+ * Trailing whitespaces
+ * Add myself to uploaders
+ * Add
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package cyrus-imapd
Hi all,
Buster has currently cyrus-imapd 3.0.8. Upstram last version is 3.0.9.
This version has one new little feature:
"The new ``cyrus_group`` option
ngelog
@@ -1,3 +1,9 @@
+lemonldap-ng (2.0.2+ds-7+deb10u1) unstable; urgency=high
+
+ * Fix tokens security (Closes: #928944, CVE-2019-12046)
+
+ -- Xavier Guimard Mon, 13 May 2019 21:22:34 +0200
+
lemonldap-ng (2.0.2+ds-7) unstable; urgency=medium
* Import upstream translations update
diff --git a
4.14.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Description:
Author: Xavier Guimard
Forwarded: https://github.com
VE-2019-5432)
+ * Fix debian/copyright format url
+ * Enable upstream test during build
+
+ -- Xavier Guimard Wed, 08 May 2019 19:27:08 +0200
+
node-mqtt-packet (6.0.0-1) unstable; urgency=low
* New upstream release
diff --git a/debian/control b/debian/control
index 48e32a0..079e795
h policy 4.3.0
+ * Add upstream/metadata
+ * Add patch to destroy stream on exceeding maxContentLength
+(Closes: #928624, CVE-2019-10742)
+ * Fix debian/copyright format URL
+
+ -- Xavier Guimard Tue, 07 May 2019 22:59:58 +0200
+
node-axios (0.17.1+dfsg-1) unstable; urgency=low
* I
upload
+ * Add upstream/metadata
+ * Build-depend on node-unicode-12.0.0
+ * Declare compliance with policy 4.3.0
+
+ -- Xavier Guimard Tue, 07 May 2019 18:25:20 +0200
+
node-regjsparser (0.6.0+ds-1) unstable; urgency=medium
* New upstream release.
@@ -22,9 +31,9 @@ node-regjsparser (0.4.0+ds-1)
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package node-unicode-data
Hi all,
Julien pushed a new version of node-unicode-data that fixes #927944
(FTBFS). Changes are only related to unicode-12 support.
Cheers,
-translations.diff
diff --git a/debian/patches/update-translations.diff
b/debian/patches/update-translations.diff
new file mode 100644
index 0..fdd33522f
--- /dev/null
+++ b/debian/patches/update-translations.diff
@@ -0,0 +1,1220 @@
+Description: Import upstream translation updates
+Author: Xavier
tadata
+ * Add patch to fix regexp ddos (Closes: #927715, CVE-2017-16119)
+ * Fix and enable upstream test using pkg-js-tools
+ * Fix VCS fields
+ * Fix copyright format URL
+
+ -- Xavier Guimard Thu, 25 Apr 2019 12:23:28 +0200
+
node-fresh (0.2.0-1) unstable; urgency=low
* Initial release (
ngelog
@@ -1,3 +1,13 @@
+node-js-beautify (1.7.5+dfsg-3) unstable; urgency=medium
+
+ * Team upload
+ * Add SHELL=/bin/bash in debian/rules to make build reproducible. Thanks to
+Chris Lamb (Closes: #924458)
+ * Fix install (Closes: #927868)
+ * Add test on css-beautify and html-beautify
+
+ --
Package: devscripts
Version: 2.19.4
Severity: normal
Tags: pending
User: devscri...@package.debian.org
Usertags: uscan
When parsing multiple watch files, uscan stops after the first error.
This is a regression since 2.18.5
Fix: https://salsa.debian.org/debian/devscripts/merge_requests/119
s: #927466, CVE-2019-11358)
+ * Add patch to make the build reproducible. Thanks to Chris Lamb
+(Closes: #886001)
+
+ -- Xavier Guimard Tue, 23 Apr 2019 18:12:00 +0200
+
node-jquery (2.2.4+dfsg-3) unstable; urgency=medium
* Bump Standards-Version to 4.1.4 (no changes needed)
diff --gi
++ b/debian/changelog
@@ -1,3 +1,23 @@
+node-mixin-deep (1.1.3-3) unstable; urgency=medium
+
+ * Team upload
+ * Back to debhelper 9 (Buster freeze)
+
+ -- Xavier Guimard Sun, 21 Apr 2019 14:34:56 +0200
+
+node-mixin-deep (1.1.3-2) unstable; urgency=medium
+
+ * Team upload
+ * Add upstream/meta
d size to a sane value
+(Closes: #927671, CVE-2016-10542)
+
+ -- Xavier Guimard Sun, 21 Apr 2019 08:58:55 +0200
+
node-ws (1.1.0+ds1.e6ddaae4-4) unstable; urgency=medium
* Priority: optional
diff --git a/debian/control b/debian/control
index 9d70aba..52806c2 100644
--- a/debian/control
+++
..a4f80b6a
--- /dev/null
+++ b/debian/patches/SNYK-JS-JQUERY-174006.diff
@@ -0,0 +1,21 @@
+Description: Prevent Object.prototype pollution for $.extend( true, ... )
+Author: Xavier Guimard
+Origin: upstream,
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
+Bug: https
index 259a482a..ad742734 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+jquery (3.3.1~dfsg-3) unstable; urgency=medium
+
+ * Team upload
+ * Disable check-against-upstream-build test (autopkgtest) since file is now
+patched. Fixes debci
+
+ -- Xavier Guimard Fri, 19 Apr
on (Closes: #927385)
+ * Upgrade links to https
+
+ -- Xavier Guimard Thu, 18 Apr 2019 22:34:14 +0200
+
jquery (3.3.1~dfsg-1) unstable; urgency=medium
* Team upload.
diff --git a/debian/control b/debian/control
index 9564aeff..126c17ca 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,
a/debian/changelog b/debian/changelog
index 0df52d2..43d031a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-superagent (0.20.0+dfsg-1+deb9u1) stretch; urgency=medium
+
+ * Add patch to fix ZIP bomb attacks (Closes: CVE-2017-16129)
+
+ -- Xavier Guimard Thu, 18 Apr 2019
+ * Fix debian/copyright format URL
+ * Add upstream/metadata
+
+ -- Xavier Guimard Thu, 18 Apr 2019 14:22:09 +0200
+
node-superagent (0.20.0+dfsg-1) unstable; urgency=medium
* Imported Upstream version 0.20.0+dfsg
diff --git a/debian/control b/debian/control
index 8a9adb8..4207e63 100644
---
6058, CVE-2018-3774)
+ * Enable upstream tests using pkg-js-tools. This adds node-deep-eql,
+node-object-inspect and node-pathval in build dependencies
+ * Fix VCS fields
+ * Fix debian/copyright format URL
+ * Fix description (trailing whitespaces)
+ * Add upstream/metadata
+
+ -- Xavier Guim
n/changelog b/debian/changelog
index edaed62..0cb77bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+node-sshpk (1.13.1+dfsg-2) unstable; urgency=medium
+
+ * Team upload
+
+ [ Pirate Praveen ]
+ * Enable nocheck build profile
+
+ [ Xavier Guimard ]
+ * Declare complia
-tools
+ * Declare compliance with policy 4.3.0
+ * Change section to javascript
+ * Change priority to optional
+ * Fix VCS fields
+ * Fix debian/copyright format URL
+ * Add upstream/metadata
+
+ -- Xavier Guimard Mon, 15 Apr 2019 07:05:03 +0200
+
node-serve-static (1.6.4-2) unstable
/changelog b/debian/changelog
index a6a3f75..933bb5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+simile-timeline (2.3.0+dfsg1-4) unstable; urgency=medium
+
+ * Team upload
+ * Fix error in reiwa.diff patch
+
+ -- Xavier Guimard Sun, 14 Apr 2019 23:02:19 +0200
+
+simile
only 1 CPU is available (#909480)
+
+ -- Xavier Guimard Wed, 10 Apr 2019 21:24:03 +0200
+
feersum (1.406-1) unstable; urgency=medium
* debian/rules: fix Perl path in example files
diff --git a/debian/control b/debian/control
index 081e2ba..e995ca7 100644
--- a/debian/control
+++ b/debian/contro
Package: node-miller-rabin
Version: 4.0.1-4
Severity: normal
Tags: upstream
Forwarded: https://github.com/indutny/miller-rabin/issues/9
As reported in #926720, correctly implemented Miller-Rabin test should
have false positives only with negligible probability.
See https://bugs.debian.org/926720
patch to fix FTBFS (Closes: #926720). Thanks to Santiago Vila
+
+ -- Xavier Guimard Tue, 09 Apr 2019 18:54:43 +0200
+
node-miller-rabin (4.0.1-4) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/fix-randomly-ftbfs.diff
b/debian/patches/fix-randomly-ftbfs.diff
new file
elds
+ * Fix debian/copyright years
+ * Add upstream/metadata
+ * Change section to javascript
+
+ -- Xavier Guimard Mon, 08 Apr 2019 14:52:06 +0200
+
node-deep-extend (0.4.1-1) unstable; urgency=medium
- * Initial release
+ * Initial release
-- Thorsten Alteholz Mon, 22 Feb 2016 18:1
Package: release.debian.org
Severity: normal
Hi all,
New Apache 2.4.39 fixes many bugs (including 5 CVEs [1]) with only 2
minor new features. Do you think it is a good idea to upgrade Apache
version in Buster or do you prefer a 2.4.38 with 2.4.39 fixes (means
2.4.39 without ~2 commits) or only
Package: lintian
Version: 2.11.0
Severity: normal
Tags: patch
Hi all,
since devscripts 2.18.5, debian/watch dversionmangle can be set to
"auto": this includes all common mangle version.
A merge request is coming to fix this.
Cheers,
Xavier
-- System Information:
Debian Release: buster/sid
)
+
+ -- Xavier Guimard Thu, 28 Mar 2019 10:41:14 +0100
+
+lemonldap-ng (2.0.2+ds-5) unstable; urgency=medium
+
+ * Fix bad build dependency: Authen::2F::Tester instead of Authen::2F
+ * Split autopkgtests to test each library separately
+
+ -- Xavier Guimard Sat, 02 Mar 2019 13:47:29 +0100
Vcs fields for migration to https://salsa.debian.org/
+
+ [ Xavier Guimard ]
+ * Add upstream/metadata
+ * Update debian/copyright format URL
+ * Test: replace the use of deprecated "--compilers" by a test on generated
+files (fixes debci)
+ * Use debian/clean instead of an override
+
t20180416.cfc96ba0-3) unstable; urgency=medium
+
+ * Team upload
+
+ [ Xavier Guimard ]
+ * Add dh_installexamples -Xtmp/ to make build reproductible. Thanks to
+Chris Lamb (Closes: #924462)
+
+ [ Utkarsh Gupta ]
+ * Add patch to fix CVE-2019-10061 (Closes: #925571)
+
+ -- Utkarsh Gupta Wed, 27 M
+ * Update lintian-overrides
+ * Add Multi-Arch: foreign
+
+ -- Xavier Guimard Thu, 21 Mar 2019 15:52:01 +0100
+
node-jschardet (1.6.0+dfsg-1) unstable; urgency=low
* Initial release (Closes: #886228)
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 000..f5985ef
Package: debci
Version: 2.0
Severity: normal
Hi all,
I followed exactly
https://ci.debian.net/doc/file.MAINTAINERS.html#label-How+can+I+reproduce+the+test+run+locally-3F
steps to get a LXC environment. Step "debci setup" fails because network
isn't well configured. I got these errors:
Cannot
Package: node-formidable
Version: 1.0.13-1
Severity: grave
Tags: upstream
Justification: renders package unusable
node-formidable is unusable with Node.js >=7:
Error [ERR_NO_LONGER_SUPPORTED]: Buffer.write(string, encoding, offset[,
length]) is no longer supported
at Buffer.write
; urgency=medium
+
+ * Remove useless link to index.js (Closes: #924200)
+
+ -- Xavier Guimard Sun, 10 Mar 2019 10:51:41 +0100
+
node-log4js (4.0.2-1) unstable; urgency=medium
[ Mike Gabriel ]
diff --git a/debian/links b/debian/links
index 7d28891..78af5b4 100644
--- a/debian/links
+++ b
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: node-nodemailer
Version : 5.1.1
Upstream Author : Andris Reinman
* URL : https://nodemailer.com/
* License : Expat
Programming Lang: Javascript
Description : Node.js library to send
)
+ * Switch tests to pkg-js-tools
+ * Add libjs-prettify in dependencies (Closes: #919841)
+ * generate prettify.js links with dh_links
+
+ -- Xavier Guimard Sun, 10 Mar 2019 10:27:57 +0100
+
node-istanbul (0.4.5+ds-4) unstable; urgency=medium
* Team upload
diff --git a/debian/control b/debian
Package: lintian
Version: 2.9.1
Severity: minor
Hi all,
To launch part of the tests, Lintian::Tutorial::Testsuite proposes to
use either:
$ debian/rules runtests onlyrun=tag:$tag
$ t/bin/runtests --dump-logs -k t debian/test-out tag:$tag
None of these examples work (all test launched or
Package: lintian
Version: 2.7.0
Severity: wishlist
Hi all,
pkg-js-tools provides tools to test nodejs packages. It search for 2
files: debian/tests/pkg-js/{test,files}
It could be interesting to provide these 2 tags:
* "W: pkg-js-tools-test-is-missing":
- if "dh --with nodejs" is used and
Package: ftp.debian.org
Severity: normal
Hi all,
1. ejs.js provides libjs-ejs (used by nobody) and node-ejs which is also
provided by src:node-ejs
2. src:node-ejs is up-to-date while src:ejs.js isn't (old github repo)
3. the only reverse dependency of node-ejs is node-nodeunit which
Package: libconfig-model-dpkg-perl
Version: 2.122
Severity: normal
Hi all,
npm2deb build dependencies using this format:
Build-Depends:
debhelper (>= 11)
, nodejs (>= 6)
But cme is unable to parse it:
$ LANG=C cme fix dpkg-control
Reading package lists... Done
Building
@@
+twitter-bootstrap3 (3.3.7+dfsg-2+deb9u2) UNRELEASED; urgency=medium
+
+ * Add patch to fix CVE-2019-8331: XSS in tooltip or popover
+
+ -- Xavier Guimard Thu, 21 Feb 2019 21:42:06 +0100
+
twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high
* Team upload.
diff -Nru twitter
Package: libconfig-model-dpkg-perl
Version: 2.121
Severity: minor
Tags: patch
Hello,
2 restrictions are missing in
lib/Config/Model/models/Dpkg/Tests/Control.pl:
- superficial
- skippable
I fixed that in salsa repo.
Cheers,
Xavier
-- System Information:
Debian Release: buster/sid
APT
Package: pkg-perl-autopkgtest
Version: 0.50
Severity: wishlist
Hi all,
Some suggestions for pkg-js-autopkgtest based on pkg-js-autopkgtest
discussion with autodep8 maintainers:
- tests skipped should return a 77 exit code and all tests marked as
"Restrictions: skippable". It avoids to
Package: ftp.debian.org
Severity: normal
Hi,
node-clean-css provides no more cleancss package. Could you remove this
binary package from testing/unstable ? It will probably block node-clean-css
migration.
Cheers,
Xavier
Package: node-almond
Severity: important
Tags: patch, pending
Hello,
node-almond shoul install package.json else a simple "require('alond')"
will fail.
Patched in https://salsa.debian.org/georgesk/almond/merge_requests/1
-- System Information:
Debian Release: buster/sid
APT prefers testing
Package: node-almond
Severity: important
Tags: pending
Hello,
node-almond installs files in /usr/lib/nodejs/node-almond which is
wrong: a simple `require('almond')` will fail.
Patched in https://salsa.debian.org/georgesk/almond/merge_requests/1
-- System Information:
Debian Release: buster/sid
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: pkg-js-autopkgtest
Version : 0.1
Upstream Author : Xavier Guimard
* URL : https://salsa.debian.org/js-team/pkg-js-autopkgtest
* License : GPL2+
Programming Lang: Shell
Description
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: popper.js
Version : 1.14.6
Upstream Author : Federico Zivolo
* URL : https://popper.js.org/
* License : Expat
Programming Lang: Javascript
Description : Javascript library
Package: node-get-value
Version: 3.0.1+~3.0.1-1
Severity: serious
Tags: upstream
node-get-value build-depends on node-micromatch which depends on
node-get-value via some packages
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (600, 'testing'), (50,
Package: ftp.debian.org
Severity: normal
Hi all,
Please remove node-groove from unstable/testing:
- node-groove isn't compatible with nodejs ≥ 10
- upstream seems abandoned (no response to bugs for more than one year)
- reverse dependencies:
- groovebasin is orphaned
-
Package: ftp.debian.org
Severity: normal
Hello,
please remove this package. Due to FTBFS with nodejs ≥ 10, I updated
node-duplexer3 and add a "Provides: node-duplexer2" in it. There are no
real differences between these packages.
This removal request is only for testing/unstable of course.
-bootstrap3-3.3.7+dfsg/debian/changelog 2019-01-06
23:34:50.0 +0100
@@ -1,3 +1,11 @@
+twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high
+
+ * Team upload.
+ * Fix multiples XSS vulnerabilities (Closes: #907414)
+ * Update debian/copyright
+
+ -- Xavier Guimard Sun, 06
-bootstrap3-3.3.7+dfsg/debian/changelog 2019-01-06
23:34:50.0 +0100
@@ -1,3 +1,11 @@
+twitter-bootstrap3 (3.3.7+dfsg-3+deb9u1) stretch; urgency=high
+
+ * Team upload.
+ * Fix multiples XSS vulnerabilities (Closes: #907414)
+ * Update debian/copyright
+
+ -- Xavier Guimard Sun, 06
Package: coffeescript
Version: 1.12.8~dfsg-2
Severity: wishlist
Please upgrade to 2.x version and remove workaround-918491.patch
Opened to remember to remove this workaround.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (900, 'testing'), (500,
Package: lintian
Version: 2.5.114
Severity: wishlist
Hi all,
uscan allows DD to embed components in their packages. Initially this
feature was written for split upstream. Some packages like vlc,
node-mongodb, node-yarn,... use it to include some external components.
It could be safe in this case
Package: dak
Severity: wishlist
Hi all,
uscan allows Debian package to embed components. I think it could be
safe to disallow such packages to enter directly in unstable on upgrade
when a new component is added.
Cheers,
Xavier
-- System Information:
Debian Release: buster/sid
APT prefers
Package: libjs-cryptojs
Version: 3.1.2+dfsg-2
Severity: normal
Hello,
upstream project is archived and replaced by
https://github.com/brix/crypto-js. Could you please update it. We can
also take maintainance of this package under JS-Team umbrella if you
want.
Cheers,
Xavier
-- System
Package: devscripts
Version: 2.18.6
Severity: normal
when launching uscan with a debian/watch using components, all symlinks
point to the last downloaded tarball
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
Not present
-- System Information:
Debian Release:
Package: devscripts
Version: 2.18.6
Severity: wishlist
User: devscri...@packages.debian.org
Usertags: uscan
Hello,
when upstream repo is set in debian/upstream/metadata and debian/watch
uses mode=git and `git remote show` has a "upstream-repo" entry, uscan
should update "upstream-repo" (git
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello,
libmail-deliverystatus-bounceparser-perl contains some viruses in its tests
files (#864800). This update proposes to clean
Package: devscripts
Version: 2.18.4
Severity: normal
git mode uses --git-dit= but --git-dir must point to .git
subdir. Replace --git-dir by -C to fix paths
Simple example to reproduce this:
version=4
opts=\
uversionmangle=s/%25/~/,\
dversionmangle=s/\+dfsg\d*$//,\
repacksuffix=+dfsg1,\
Package: qa.debian.org
Severity: wishlist
Tags: patch
Hi all,
as explained in Thorsten mail
(https://alioth-lists.debian.net/pipermail/pkg-javascript-devel/2018-September/027849.html),
node modules may be embedded sometime. After a long discussion with
other members (follow the thread), I built
Package: liblucy-perl
Version: Project Lucy has retired
Severity: important
As announced in http://lucy.apache.org/, project Lucy has retired. I
think we should remove it from buster
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (900, 'testing'), (500,
Package: libsisimai-perl
Version: 4.22.7-1
Severity: normal
Tags: upstream
Forwarded: https://github.com/sisimai/p5-Sisimai/issues/288
tests.reproducible-builds.org reveals that Sisimai fails when it is
tested when the GMT date differs from the local date. Example with
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: libdbd-mariadb-perl
Version : 1.00
Upstream Author : Pali Rohár
* URL : https://metacpan.org/release/DBD-MariaDB
* License : Artistic or GPL-1+
Programming Lang: Perl
Description
Looking at ocsinventory-server upstream changes, no commits deals with
CVEs and at least CVE-2018-12483 is still in 2.5 (no change on this file)
signature.asc
Description: OpenPGP digital signature
According to
https://github.com/OCSInventory-NG/OCSInventory-Server/issues/129,
CVE-2018-12482 has been fixed upstream (2.5)
signature.asc
Description: OpenPGP digital signature
Package: lintian
Version: 2.5.96
Severity: normal
Hi all,
in debian/tests/control, "allow-stderr" can be used in "Restrictions"
(see /usr/share/doc/autopkgtest/README.package-tests.html), but Lintian
reports:
source: unknown-runtime-tests-restriction allow-stderr paragraph
starting at line
Package: opensaml2
Version: 3.0.0-1
Severity: normal
Hello,
according to
https://wiki.shibboleth.net/confluence/display/OpenSAML/Home, OpenSAML2
has reached its End of Life and is no longer supported.
I'm opening this bug to warn if you've not seen this. Close it if you
already know this
Package: libphp-phpmailer
Version: 5.2.14+dfsg-2.3
Severity: wishlist
Hello, libphp-phpmailer seems out of date, current version is 6.0.5.
Could you update it ?
Cheers,
Xavier
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (600, 'testing'), (50,
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: libbson-xs-perl
Version : 0.4.3
Upstream Author : David Golden
* URL : https://metacpan.org/release/BSON-XS
* License : Apache-2.0
Programming Lang: Perl
Description : Perl XS
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: libuuid-urandom-perl
Version : 0.001-1
Upstream Author : David Golden
* URL : https://metacpan.org/release/UUID-URandom
* License : Apache 2.0
Programming Lang: Perl
Description
201 - 300 of 418 matches
Mail list logo
