Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-si...@packages.debian.org
Control: affects -1 + src:node-sinon

Please unblock package node-sinon

[ Reason ]
node-sinon is a package used during JS tests. In the Debian JS Team we
choose to launch autopkgtest with `--disable-proto=throw` to ensure that
JS packages don't use this old way to access the prototype, for security
reasons. This change started in September 2022 (pkg-js-autopkgtest 0.15.x).

node-sinon currently parses all object properties without avoiding
__proto__. This breaks (at least) node-nock autopkgtest.

[ Impact ]
No change, the patch just avoids parsing __proto__

[ Tests ]
No change in tests, they still pass (autopkgtest + build). This also fixed
the node-nock test.

[ Risks ]
No risk here, patch is trivial

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
This debdiff also adds some tips from lintian-brush (lintian tags and
metadata update)

Cheers,
Yadd

unblock node-sinon/14.0.2+ds+~cs74.13.25-2

diff --git a/debian/changelog b/debian/changelog index aaace48..111c526 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +node-sinon (14.0.2+ds+~cs74.13.25-2) unstable; urgency=medium + + * Team upload + * Update lintian override info format in d/source/lintian-overrides + on line 2-3 + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse + * Update standards version to 4.6.2, no changes needed + * Drop calls to __proto__ (Closes: #1033818) + + -- Yadd <y...@debian.org> Mon, 03 Apr 2023 07:26:51 +0400 + node-sinon (14.0.2+ds+~cs74.13.25-1) unstable; urgency=medium * Team upload diff --git a/debian/control b/debian/control index 1a73a29..c60cd62 100644 --- a/debian/control +++ b/debian/control @@ -27,7 +27,7 @@ Build-Depends: , node-supports-color , node-type-detect , node-util <!nocheck> -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Vcs-Browser: https://salsa.debian.org/js-team/node-sinon Vcs-Git: https://salsa.debian.org/js-team/node-sinon.git Homepage: https://sinonjs.org/ diff --git a/debian/patches/dont-try-to-access-to-__proto__.patch b/debian/patches/dont-try-to-access-to-__proto__.patch new file mode 100644 index 0000000..5973750 --- /dev/null +++ b/debian/patches/dont-try-to-access-to-__proto__.patch @@ -0,0 +1,16 @@ +Description: don't try to access to __proto__ +Author: Yadd <y...@debian.org> +Forwarded: no +Last-Update: 2023-04-03 + +--- a/lib/sinon/util/core/walk.js ++++ b/lib/sinon/util/core/walk.js +@@ -17,7 +17,7 @@ + } + + forEach(Object.getOwnPropertyNames(obj), function (k) { +- if (seen[k] !== true) { ++ if (k !== '__proto__' && seen[k] !== true) { + seen[k] = true; + var target = + typeof Object.getOwnPropertyDescriptor(obj, k).get === diff --git a/debian/patches/series b/debian/patches/series index ffb3e1f..b2b7689 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -2,3 +2,4 @@ fix-sinonjsreferee-sinon-test.diff reproducible.patch fix-for-path-to-regexp-6.patch drop-unstable-test.patch +dont-try-to-access-to-__proto__.patch diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides index 3f4d9d6..05b110e 100644 --- a/debian/source/lintian-overrides +++ b/debian/source/lintian-overrides @@ -1,6 +1,6 @@ # False positive: data -source-is-missing *sinonjstext-encoding/lib/encoding-indexes.js* -source-contains-prebuilt-javascript-object *sinonjstext-encoding/lib/encoding-indexes.js* +source-is-missing [*sinonjstext-encoding/lib/encoding-indexes.js*] +source-contains-prebuilt-javascript-object [*sinonjstext-encoding/lib/encoding-indexes.js*] very-long-line-length-in-source-file *sinonjsfake-timers/LICENSE* very-long-line-length-in-source-file *sinonjstext-encoding/lib/encoding-indexes.js* very-long-line-length-in-source-file *.md* diff --git a/debian/upstream/metadata b/debian/upstream/metadata index 6d85d64..c5adee0 100644 --- a/debian/upstream/metadata +++ b/debian/upstream/metadata @@ -1,6 +1,6 @@ --- Archive: GitHub -Bug-Database: https://github.com/cjohansen/Sinon.JS/issues -Bug-Submit: https://github.com/cjohansen/Sinon.JS/issues/new +Bug-Database: https://github.com/sinonjs/sinon/issues +Bug-Submit: https://github.com/sinonjs/sinon/issues/new Repository: https://github.com/cjohansen/Sinon.JS.git -Repository-Browse: https://github.com/cjohansen/Sinon.JS +Repository-Browse: https://github.com/sinonjs/sinon
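
Review bot: in the lib/sinon/util/core/walk.js hunk of debian/patches/dont-try-to-access-to-__proto__.patch, the new guard `k !== '__proto__'` filters on the key name alone, so an own property literally named `__proto__` on the walked object is now skipped as well, not only the inherited accessor. That is a small behaviour change worth stating in the patch Description, and a one-line comment above the `if` naming `--disable-proto=throw` would explain the check to later readers. Putting the name test first in the `&&` is right, since it keeps `seen[k]` from being read with that key. The header also says `Forwarded: no`, yet the file being patched is upstream's, so this is worth sending to the upstream tracker instead of carrying it only in Debian.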
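
Review bot: in the debian/upstream/metadata hunk, `Repository:` stays as an unchanged context line pointing at https://github.com/cjohansen/Sinon.JS.git while Bug-Database, Bug-Submit and Repository-Browse move to sinonjs/sinon. Update `Repository` to the matching sinonjs/sinon clone URL in the same change so the four fields agree.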
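
To illustrate the failure described in the [ Reason ] section and what the `k !== '__proto__'` guard changes, here is an added example; it is not part of the original mail and not sinon's code. `makeThrowingRoot`, `walk`, `collect` and `demo` are hypothetical names, the throwing accessor is a constructed stand-in for `Object.prototype.__proto__` under `--disable-proto=throw` so the script runs without the flag, and the iterator reading each property is an assumption about what a caller of the walker does.

```javascript
'use strict';

// Constructed stand-in for Object.prototype in throw mode: an accessor named
// __proto__ whose getter throws an error carrying code ERR_PROTO_ACCESS.
function makeThrowingRoot() {
  const root = Object.create(null);
  Object.defineProperty(root, '__proto__', {
    configurable: true,
    enumerable: false,
    get() {
      const err = new Error('constructed: __proto__ access disallowed');
      err.code = 'ERR_PROTO_ACCESS';
      throw err;
    },
  });
  return root;
}

// Hypothetical walker modelled on the patched loop: visit the own property
// names of obj and of every object on its prototype chain, once per name.
function walk(obj, iterator, skipProto) {
  const seen = new Set();
  for (let cur = obj; cur !== null; cur = Object.getPrototypeOf(cur)) {
    for (const k of Object.getOwnPropertyNames(cur)) {
      if (skipProto && k === '__proto__') continue; // the guard from the patch
      if (seen.has(k)) continue;
      seen.add(k);
      iterator(k, obj);
    }
  }
}

// Record each visited key, then read it from the original object (assumed
// caller behaviour); report the error code if a read throws.
function collect(obj, skipProto) {
  const visited = [];
  try {
    walk(obj, (k, target) => { visited.push(k); void target[k]; }, skipProto);
    return { visited, error: null };
  } catch (err) {
    return { visited, error: err.code };
  }
}

function demo() {
  const subject = Object.create(makeThrowingRoot()); // constructed sample object
  subject.fetch = function () {};
  return { unpatched: collect(subject, false), patched: collect(subject, true) };
}

console.log(JSON.stringify(demo()));
```

Without the guard the walk reaches the `__proto__` name on the root of the prototype chain and the read throws; with it, only `fetch` is visited and the walk completes.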