Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-28 Thread Andreas Tille 
Hi Pirate,

Am Mon, Feb 28, 2022 at 01:32:41PM +0530 schrieb Pirate Praveen:
> >
> >Yes.  The ITP should have been closed manually long before.  The fact
> >that this not happened yet is IMHO a sign that the original maintainer
> >does not care any more for the package (and forgot to orphan it).
> > 
> 
> Gitlab has 1600+ node dependencies when I counted last time (may have even 
> grown bigger by now). So currently it is just a yarn install in contrib 
> section for most dependencies. With security updates coming every month 
> packaging node dependencies is happening very very slow. So if you see my 
> name anywhere in any node package, just go ahead and do the right thing, as 
> noted by Nilesh (just coordinate well in case of breaking changes). I'm not 
> particularly attached to any team maintained packages, I'm only happy if 
> others update packages where I'm an uploader.

I perfectly understand since we both obviously share the same attitude.  Thanks 
for clarifying explicitly anyway

   Andreas. 

-- 
http://fam-tille.de

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-28 Thread Andrius Merkys 
Hi Eric,

On 2022-02-27 22:36, Eric Brown wrote:
> Likewise, thank you very much! It’s exciting that the dependencies for
> shiny-server are coming together. Please note the upstream for
> sockjs-client responded to me and released 1.6.0 which also updates some
> other dependency versions.

You are welcome. I have uploaded node-sockjs-client on Friday, it is in
NEW now. I will update it to 1.6.0 once it clears NEW.

It would be nice if someone could take a look at shiny-server, since it
starts to come together finally. I most likely will not have time for
that. I would suggest against updating it at first, as new JS
dependencies have a tendency to appear rapidly.

Best,
Andrius

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-28 Thread Pirate Praveen 



2022, ഫെബ്രുവരി 25 11:19:41 AM IST, Andreas Tille ൽ എഴുതി
>Hi,
>
>Am Fri, Feb 25, 2022 at 03:09:36AM +0530 schrieb Nilesh Patra:
>> 
>> >Sure. It would be nice to get ACK from Pirate, though, as he owns the ITP.
>> 
>> I am a bit confused, why would you need ack from someone who ITP'ed it, even 
>> if you need the ack, you'd ask this to the maintainer, right?
>
>Yes.  The ITP should have been closed manually long before.  The fact
>that this not happened yet is IMHO a sign that the original maintainer
>does not care any more for the package (and forgot to orphan it).
> 

Gitlab has 1600+ node dependencies when I counted last time (may have even 
grown bigger by now). So currently it is just a yarn install in contrib section 
for most dependencies. With security updates coming every month packaging node 
dependencies is happening very very slow. So if you see my name anywhere in any 
node package, just go ahead and do the right thing, as noted by Nilesh (just 
coordinate well in case of breaking changes). I'm not particularly attached to 
any team maintained packages, I'm only happy if others update packages where 
I'm an uploader.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-27 Thread Eric Brown 
Hi Andrius,
Likewise, thank you very much! It’s exciting that the dependencies for
shiny-server are coming together. Please note the upstream for
sockjs-client responded to me and released 1.6.0 which also updates some
other dependency versions.
https://github.com/sockjs/sockjs-client/releases/tag/v1.6.0
Best,
Eric

On Fri, Feb 25, 2022 at 08:51 Andreas Tille  wrote:

> Hi Andrius,
>
> Am Fri, Feb 25, 2022 at 03:27:43PM +0200 schrieb Andrius Merkys:
> >
> > Since there are no reverse dependencies on libjs-sockjs and we are not
> > in a hurry with shiny-server (we can still work on that with local
> > node-sockjs-client package), I would like to avoid experimental. This
> > way I would not have to deal with Breaks+Replaces due to same locations
> > occupied by two different packages.
>
> Perfectly fine for me.
>
> Thanks a lot for caring for this package
>
>Andreas.
>
> --
> http://fam-tille.de
>
-- 
Eric Brown MD MSc FRCPC
For encryption, OpenPGP public key available on request.

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-25 Thread Andreas Tille 
Hi Andrius,

Am Fri, Feb 25, 2022 at 03:27:43PM +0200 schrieb Andrius Merkys:
> 
> Since there are no reverse dependencies on libjs-sockjs and we are not
> in a hurry with shiny-server (we can still work on that with local
> node-sockjs-client package), I would like to avoid experimental. This
> way I would not have to deal with Breaks+Replaces due to same locations
> occupied by two different packages.

Perfectly fine for me.

Thanks a lot for caring for this package

   Andreas. 

-- 
http://fam-tille.de

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-25 Thread Andrius Merkys 
Hello,

Replying to Nilesh and Andreas in the same mail.

On 2022-02-25 07:49, Andreas Tille wrote:
> Am Fri, Feb 25, 2022 at 03:09:36AM +0530 schrieb Nilesh Patra:
>>> Sure. It would be nice to get ACK from Pirate, though, as he owns the ITP.
>> I am a bit confused, why would you need ack from someone who ITP'ed it, even 
>> if you need the ack, you'd ask this to the maintainer, right?
> Yes.  The ITP should have been closed manually long before.  The fact
> that this not happened yet is IMHO a sign that the original maintainer
> does not care any more for the package (and forgot to orphan it).

I admit I got confused a bit. There is an orphaning bug [1] without an
owner and ITP bug [2] owned by Pirate Praveen. I think I will merge
these and close them with the upload.

[1] https://bugs.debian.org/836492
[2] https://bugs.debian.org/886155

>> But in any case, this does not seem to have any reverse dependencies so this 
>> should be safe to upload. As far as I know Praveen, he will not stop you 
>> until it breaks something (the package is in a bitrot anyway)
> Yes.
>  
>>> FYI, the upload will have to go through NEW due to both source and binary
>>> package renaming.
>> Although this does not make much sense to do this here but still if you want 
>> to play extra safe, you might want to upload it targetting experimental.
> You might even consider using the old name for an upload to unstable and
> at the same time push a renamed package to experimental via new.  This
> would enable to keep on working on shiny-server (despite I'm not sure
> whether we need to be in a hurry here ... I personally have other things
> on my table unfortunately).

Since there are no reverse dependencies on libjs-sockjs and we are not
in a hurry with shiny-server (we can still work on that with local
node-sockjs-client package), I would like to avoid experimental. This
way I would not have to deal with Breaks+Replaces due to same locations
occupied by two different packages.

Best,
Andrius

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-24 Thread Andreas Tille 
Hi,

Am Fri, Feb 25, 2022 at 03:09:36AM +0530 schrieb Nilesh Patra:
> 
> >Sure. It would be nice to get ACK from Pirate, though, as he owns the ITP.
> 
> I am a bit confused, why would you need ack from someone who ITP'ed it, even 
> if you need the ack, you'd ask this to the maintainer, right?

Yes.  The ITP should have been closed manually long before.  The fact
that this not happened yet is IMHO a sign that the original maintainer
does not care any more for the package (and forgot to orphan it).
 
> But in any case, this does not seem to have any reverse dependencies so this 
> should be safe to upload. As far as I know Praveen, he will not stop you 
> until it breaks something (the package is in a bitrot anyway)

Yes.
 
> >FYI, the upload will have to go through NEW due to both source and binary
> >package renaming.
> 
> Although this does not make much sense to do this here but still if you want 
> to play extra safe, you might want to upload it targetting experimental.

You might even consider using the old name for an upload to unstable and
at the same time push a renamed package to experimental via new.  This
would enable to keep on working on shiny-server (despite I'm not sure
whether we need to be in a hurry here ... I personally have other things
on my table unfortunately).

Kind regards

  Andreas. 

-- 
http://fam-tille.de

Re: [Pkg-javascript-devel] sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-24 Thread Nilesh Patra 



On 25 February 2022 2:36:28 am IST, Andrius Merkys  wrote:
>On Thu, 24 Feb 2022, 22:21 Andreas Tille,  wrote:
>> > I have turned this commit into a patch, and now sockjs-client builds and
>> > passes its autopkgtest successfully. So we do not have to wait for the
>> > next release.
>>
>> Would you mind uploading?
>
>
>Sure. It would be nice to get ACK from Pirate, though, as he owns the ITP.

I am a bit confused, why would you need ack from someone who ITP'ed it, even if 
you need the ack, you'd ask this to the maintainer, right?

But in any case, this does not seem to have any reverse dependencies so this 
should be safe to upload. As far as I know Praveen, he will not stop you until 
it breaks something (the package is in a bitrot anyway)

>FYI, the upload will have to go through NEW due to both source and binary
>package renaming.

Although this does not make much sense to do this here but still if you want to 
play extra safe, you might want to upload it targetting experimental.

Regards,
Nilesh

Re: sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-24 Thread Andrius Merkys 
On Thu, 24 Feb 2022, 22:21 Andreas Tille,  wrote:

> Am Wed, Feb 23, 2022 at 06:10:24PM +0200 schrieb Andrius Merkys:
> > >
> https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> > > <
> https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> >
> >
> > I have turned this commit into a patch, and now sockjs-client builds and
> > passes its autopkgtest successfully. So we do not have to wait for the
> > next release.
>
> Would you mind uploading?


Sure. It would be nice to get ACK from Pirate, though, as he owns the ITP.

FYI, the upload will have to go through NEW due to both source and binary
package renaming.

Best,
Andrius

Re: sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-24 Thread Andreas Tille 
Hi Andrius,

Am Wed, Feb 23, 2022 at 06:10:24PM +0200 schrieb Andrius Merkys:
> > https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> > 
> 
> I have turned this commit into a patch, and now sockjs-client builds and
> passes its autopkgtest successfully. So we do not have to wait for the
> next release.

Would you mind uploading?

Kind regards
Andreas.

-- 
http://fam-tille.de

Re: sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-23 Thread Andrius Merkys 
Hi Eric,

On 2022-02-22 14:52, Eric Brown wrote:
> If I’m understanding the below correctly, it appears that the node-json3
> may already have been removed from the dependency socksjs-client, but
> the updated version is not released yet.
> 
> https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> 

I have turned this commit into a patch, and now sockjs-client builds and
passes its autopkgtest successfully. So we do not have to wait for the
next release.

Best,
Andrius

Re: sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-22 Thread Eric Brown 
Thanks Andrius,

I filed an issue asking the upstream dev to consider a new release:

https://github.com/sockjs/sockjs-client/issues/577

Best,
Eric


On Tue, Feb 22, 2022 at 09:20 Andrius Merkys  wrote:

> Hi Eric,
>
> On 2022-02-22 14:52, Eric Brown wrote:
> > If I’m understanding the below correctly, it appears that the node-json3
> > may already have been removed from the dependency socksjs-client, but
> > the updated version is not released yet.
> >
> >
> https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> > <
> https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> >
>
> Great - this saves quite some work.
>
> > I wonder if we ask the dev to consider a release, and then update the
> > Debian package, that would solve the problem?
>
> Preferably. Otherwise we could convert this commit to a patch and
> attempt applying it, or package development version, but having a stable
> release would be better.
>
> Best,
> Andrius
>
-- 
Eric Brown MD MSc FRCPC
For encryption, OpenPGP public key available on request.

Re: sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-22 Thread Andrius Merkys 
Hi Eric,

On 2022-02-22 14:52, Eric Brown wrote:
> If I’m understanding the below correctly, it appears that the node-json3
> may already have been removed from the dependency socksjs-client, but
> the updated version is not released yet.
> 
> https://github.com/sockjs/sockjs-client/commit/d9584abe2c7c913ce95a1aea29e5744dd85e1af4
> 

Great - this saves quite some work.

> I wonder if we ask the dev to consider a release, and then update the
> Debian package, that would solve the problem?

Preferably. Otherwise we could convert this commit to a patch and
attempt applying it, or package development version, but having a stable
release would be better.

Best,
Andrius

Re: sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-22 Thread Andreas Tille 
Hi Andrius,

Am Tue, Feb 22, 2022 at 01:27:57PM +0200 schrieb Andrius Merkys:
> On 2022-02-22 13:20, Andreas Tille wrote:
> > Unfortunately we have a new problem as
> > autopkgtest shows[4]
> > 
> >sockjs-client : Depends: node-json3 (>= 3.3.2) but it is not installable
> > 
> > while we had this package before it was removed[5] from Debian.
> > 
> > I need to admit that I have no idea how to sensibly proceed from here
> > and would love if someone from Debian Javascript Maintainers would take
> > over from here.
> 
> Citing [6]:
> 
>   JSON 3 is **deprecated** and **no longer maintained**. Please don't
>   use it in new projects, and migrate existing projects to use the
>   native `JSON.parse` and `JSON.stringify` instead.
> 
> My sense is that sockjs-client needs node-json3 usage replaced with
> calls to native JSON module (by upstream or by patch).

I'd fully agree here but I decided to let the needed action be taken
by someone who is comfortable with JS universe (which I'm not).

Kind regards

  Andreas.

> > [1] https://tracker.debian.org/pkg/sockjs-client
> > [2] https://salsa.debian.org/js-team/node-sockjs-client
> > [3] https://bugs.debian.org/979958
> > [4] https://salsa.debian.org/js-team/node-sockjs-client/-/jobs/2499248
> > [5] https://bugs.debian.org/931653
> 
> [6] https://www.npmjs.com/package/json3
> 
> Best,
> Andrius
> 

-- 
http://fam-tille.de

sockjs-client is in Debian but needs update (Was: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit))

2022-02-22 Thread Andreas Tille 
Hi,

I checked the hint "some work on sockjs-client done in salsa" which is
not complete since there is "competing work" even inside Debian[1].
Since its Git repository points to alioth I simply took the freedom to
merge the old packaging code into the work on Salsa[2] and shamelessly
sticked to the old name without the leading "node-" (which is wrong
but I intended to avoid passing new queue for the moment).

I think we can close the open bug[3] with the new latest upstream
version which I've injected.  Unfortunately we have a new problem as
autopkgtest shows[4]

   sockjs-client : Depends: node-json3 (>= 3.3.2) but it is not installable

while we had this package before it was removed[5] from Debian.

I need to admit that I have no idea how to sensibly proceed from here
and would love if someone from Debian Javascript Maintainers would take
over from here.

Kind regards
 Andreas.

[1] https://tracker.debian.org/pkg/sockjs-client
[2] https://salsa.debian.org/js-team/node-sockjs-client
[3] https://bugs.debian.org/979958
[4] https://salsa.debian.org/js-team/node-sockjs-client/-/jobs/2499248
[5] https://bugs.debian.org/931653

Am Tue, Feb 22, 2022 at 08:23:23AM +0200 schrieb Andrius Merkys:
> Hi Eric,
> 
> On 2022-02-22 06:43, Eric Brown wrote:
> > It appears that significant progress has been made in packaging the
> > dependencies of shiny-server. I wonder if anyone is interested and
> > able to revisit packaging shiny-server?
> 
> In past I have worked to package the dependencies of shiny-server.
> Sadly, I do not have enough free cycles to work on shiny-server now. It
> would be great if someone experienced in JS (js-team?) could give it a look.
> 
> As for the remaining dependencies, sockjs, sockjs-client and rewire
> stands out. There is some work on sockjs-client done in salsa, seemingly
> never uploaded.
> 
> Best,
> Andrius
> 
> 

-- 
http://fam-tille.de

Re: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit)

2022-02-21 Thread Andrius Merkys 
Hi Eric,

On 2022-02-22 06:43, Eric Brown wrote:
> It appears that significant progress has been made in packaging the
> dependencies of shiny-server. I wonder if anyone is interested and
> able to revisit packaging shiny-server?

In past I have worked to package the dependencies of shiny-server.
Sadly, I do not have enough free cycles to work on shiny-server now. It
would be great if someone experienced in JS (js-team?) could give it a look.

As for the remaining dependencies, sockjs, sockjs-client and rewire
stands out. There is some work on sockjs-client done in salsa, seemingly
never uploaded.

Best,
Andrius

Re: [covid-19] shiny-server (Was: dependencies Re: ITP: streamlit)

2022-02-21 Thread Eric Brown 
Hello,

It appears that significant progress has been made in packaging the
dependencies of shiny-server. I wonder if anyone is interested and
able to revisit packaging shiny-server?

 npm2deb depends -r
https://github.com/rstudio/shiny-server/raw/master/package.json
Dependencies:
NPM   Debian
shiny-server (1.5.18) None
├─ bash (0.0.1)   node-bash (0.0.1-4)
├─ client-sessions (^0.8.0)   node-client-sessions (0.8.0-3)
├─ compression (^1.7.4)   node-compression (1.7.4-3)
├─ express (^4.17.2)  node-express
(4.17.3+~4.17.13-1)
├─ faye-websocket (^0.11.4)   node-faye-websocket (0.11.4-1)
├─ graceful-fs (^4.2.9)   node-graceful-fs
(4.2.4+repack-1)
├─ handlebars (^4.7.7)node-handlebars
(3:4.7.7+~4.1.0-1)
├─ http-proxy (^1.18.1)   node-http-proxy (1.18.1-6)
├─ ip-address (^8.1.0)node-ip-address (8.1.0-2)
├─ log4js (^6.4.1)node-log4js (6.4.1+~cs8.3.5-1)
├─ moment (^2.29.1)   node-moment (2.29.1+ds-3)
├─ morgan (^1.10.0)   node-morgan (1.10.0-2)
├─ nan (^2.15.0)  node-nan (2.15.0-1)
├─ optimist 
(github:rstudio/node-optimist#dbbadda31e53b63225a57e172a528b1ddc52be52)node-optimist
(0.6.1+~0.0.30-1)
├─ pause (0.1.0)  node-pause (0.1.0-4)
├─ q (^1.5.1) node-q (1.5.1-4)
├─ qs (^6.10.3)   node-qs (6.10.3+ds+~6.9.7-1)
├─ send (^0.17.2) node-send (0.17.2-2)
├─ shiny-server-client
(github:rstudio/shiny-server-client#v1.2.0)node-shiny-server-client
(1.0.0+git20180820.eba5e90+dfsg-5)
├─ sockjs (^0.3.24)   None
│  ├─ faye-websocket (^0.11.3)node-faye-websocket (0.11.4-1)
│  ├─ uuid (^8.3.2)   node-uuid (8.3.2+~8.3.3-1)
│  └─ websocket-driver (^0.7.4)
node-websocket-driver (0.7.4+~cs0.6.7-2)
├─ sockjs-client (github:jcheng5/sockjs-client#v1.5.2.2-jcheng5)None
│  ├─ debug (^3.2.6)  node-debug (4.3.2+~cs4.1.7-1)
│  ├─ eventsource (^1.0.7)node-eventsource
(1.1.0+~1.1.8-1)
│  ├─ faye-websocket (^0.11.3)node-faye-websocket (0.11.4-1)
│  ├─ inherits (^2.0.4)   node-inherits (2.0.4-4)
│  ├─ json3 (^3.3.3)  nodejs
(16.13.2+really14.19.0~dfsg-1)
│  └─ url-parse (^1.5.3)  node-url-parse
(1.5.9+~1.4.8-1)
├─ split (^1.0.1) node-split (1.0.1-1)
├─ stable (^0.1.8)None
└─ underscore (^1.13.2)   underscore (1.13.2~dfsg-2)

Build dependencies:
NPM   Debian
mocha (^9.2.0)node-mocha
(9.2.0+ds1+~cs28.5.4-1)
rewire (^6.0.0)   None
should (^13.2.3)  should.js (13.2.3~dfsg-5)
sinon (^13.0.1)   node-sinon
(13.0.1+ds+~cs71.22.21-2)

Warnings occurred:
 [warning] stable: stable is included in node-svgo. Package it
separately and remove it from node-svgo if you need it for another
module.
 [error]   json3: No longer maintained, use the native `JSON.parse`
and `JSON.stringify` instead


Warm regards,
Eric

[covid-19] shiny-server (Was: dependencies Re: ITP: streamlit)

2020-04-08 Thread Andreas Tille 
Hi Rebecca,

On Wed, Apr 08, 2020 at 01:48:52PM +0100, Rebecca N. Palmer wrote:
> It does (and eslint itself is one of the packages that we do have but
> npm2deb can't find), but even ignoring build dependencies completely and
> assuming we can use the plotly.js embedded in python3-plotly or
> r-cran-plotly, the recursive dependency tree is >300 different
> not-yet-packaged modules.  (I don't have the exact count because npm2deb
> depends -r repeatedly failed part-way through.)
> 
> shiny-server (11 recursive JS dependencies) might be a more reasonable
> target.

I fully agree that shiny-server is an extremely valuable target as well.

Kind regards

 Andreas. 

-- 
http://fam-tille.de