Package: jest
Version: 26.6.3+repack+~cs61.38.31-2
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
jest declares a runtime dependency on babel7.
Upstream seemingly only build-depends on babel-related modules.
Please either...
a) stop depend on babel7 if not really needed at r
Package: node-css-loader
Version: 3.2.1+~cs21.3.8.1-2
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
node-css-loader declares a runtime dependency on babel7.
Upstream seemingly declares no babel-related runtime dependnencies.
Please either drop the runtime dependency on babel7
.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
h
Quoting Xavier (2020-12-13 22:00:53)
> Le 13/12/2020 à 20:53, Jonas Smedegaard a écrit :
> > Control: severity 977269 important
> > Control: tags 977269 +moreinfo +unreproducible
> >
> > Quoting Jonas Smedegaard (2020-12-13 20:29:46)
> >> Quoting J
Package: node-uglifyjs-webpack-plugin
Version: 1.3.0-9
Severity: serious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
node-uglifyjs-webpack-plugin is dead since 1.5 years, already carries a
patch to not actually use node-uglifyjs but node-terser, and terser will
soon see a major backwards-inco
Package: node-less
Version: 4.1.2-7
Severity: serious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
node-less depends on node-terser, which will soon see a major
backwards-incompatible upgrade.
Seem to me nothing in binary package node-less actually calls "terser"
and that the runtime dependen
Control: severity 977269 important
Control: tags 977269 +moreinfo +unreproducible
Quoting Jonas Smedegaard (2020-12-13 20:29:46)
> Quoting Jonas Smedegaard (2020-12-13 17:22:05)
> > Quoting Xavier Guimard (2020-12-13 13:19:47)
> > > Package: node-rollup-plugin-terser
>
Quoting Jonas Smedegaard (2020-12-13 17:22:05)
> Quoting Xavier Guimard (2020-12-13 13:19:47)
> > Package: node-rollup-plugin-terser
> > Version: 7.0.2-2
> > Severity: grave
> > Justification: renders package unusable
> >
> > When trying current rollup-plugi
t;main" entry
Neither node-rollup-plugin-terser nor node-terser asks for files below
/home/xavier - please try locate which code did that.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [
Quoting Pirate Praveen (2020-12-08 13:50:33)
> On Tue, Dec 8, 2020 at 13:45, Jonas Smedegaard wrote:
> > Thanks for raising that concern, Andrius.
> >
> > An RC bug has already been filed for that purpose, however:
> > bug#956423.
>
> I did not see an
Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard
X-Debbugs-Cc: debian-de...@lists.debian.org, Debian Javascript Maintainers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: node-eslint-plugin-es
Version : 1.4.1
Upstream Author : Toru Nagashima
* URL
hink we should file an rc bug against node-request to allow auto
> > removal from testing.
>
> I agree. By seeing node-request being worked on I assumed it has been
> decided to keep it in bullseye.
Thanks for raising that concern, Andrius.
An RC bug has already been filed for tha
Quoting Xavier (2020-12-08 11:44:55)
> Le Mardi, Décembre 08, 2020 11:38 CET, Jonas Smedegaard
> a écrit:
> > Quoting Xavier (2020-12-08 11:33:40)
> > > Le Mardi, Décembre 08, 2020 11:07 CET, Jonas Smedegaard
> > > a écrit:
> > > > Quoting Xavier (20
Quoting Jonas Smedegaard (2020-12-08 11:38:24)
> Quoting Xavier (2020-12-08 11:33:40)
> > Le Mardi, Décembre 08, 2020 11:07 CET, Jonas Smedegaard a
> > écrit:
> >
> > > Quoting Xavier (2020-12-08 10:47:20)
> > > > Thanks, I had to replace &q
Quoting Xavier (2020-12-08 11:33:40)
> Le Mardi, Décembre 08, 2020 11:07 CET, Jonas Smedegaard a
> écrit:
>
> > Quoting Xavier (2020-12-08 10:47:20)
> > > Thanks, I had to replace "ds" by "repack" since checksum decreased: I
> > > remov
hen more elegant to simply bump it
- i.e. change suffix ~ds to ~ds1
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg
Quoting Xavier (2020-12-08 10:14:49)
> Le 08/12/2020 à 10:04, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-08 09:44:00)
> >> what is wrong in "Breaks: jest (<< 2.26.3+repack~),
> >> node-jest-debbundle (<< 2.26.3+repack~)" ? Jest version
Quoting Jonas Smedegaard (2020-12-08 10:04:13)
> Quoting Xavier (2020-12-08 09:44:00)
> > what is wrong in "Breaks: jest (<< 2.26.3+repack~), node-jest-debbundle
> > (<< 2.26.3+repack~)" ? Jest version in unstable is
> > "26.6.3+repack+~cs61.38.3
ck+~cs61.38.31-1"
7.0.0+~cs8.3.2-1 is higher than 2.26.3+repack~
...because 3.2 is higher than 3+
...because + means "just above" so beats only nothing or 0.
> It seems that jest will migrate tomorrow to testing, then this bug
> should be fixed automatically
Possibly
Source: node-jest
Version: 26.6.3+repack+~cs61.38.31-1
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
eslint will soon depend on node-natural-compare,
which is currently a virtual package provided by jest.
That means eslint and all its consumers,
many of which do not need je
Quoting Pirate Praveen (2020-12-06 12:08:29)
>
>
> On Sun, Dec 6, 2020 at 11:37, Jonas Smedegaard wrote:
> > Sorry, I was unclear. Let me try rephrase to clarify:
> >
> > ftpmaster strongly dislikes (i.e. they will reject) too tiny source
> > packages
Quoting Xavier (2020-12-06 07:59:25)
> Le 06/12/2020 à 02:14, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-03 21:19:48)
> >> Le 03/12/2020 à 19:17, Jonas Smedegaard a écrit :
> >>> This bug 976331 is *not* about repackaging embedded modules as
> >>
Quoting Xavier (2020-12-03 21:19:48)
> Le 03/12/2020 à 19:17, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-03 18:42:17)
> >> Le 03/12/2020 à 18:21, Jonas Smedegaard a écrit :
> >>> Quoting Xavier (2020-12-03 17:33:18)
> >>>> Le
Package: ts-node
Version: 9.0.0-1
Severity: serious
Justification: Policy 3.5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
ts-node package lacks declaring its runtime dependencies:
node-arg
node-diff
node-make-error
node-source-map-support
node-yn
(yes, I notice that ts-node is only in
Quoting Xavier (2020-12-05 22:34:06)
> Le 05/12/2020 à 22:22, Jonas Smedegaard a écrit :
> > Package: node-cosmiconfig,jest
> > Severity: normal
> >
> > Both node-cosmiconfig and jest embed Nodejs module callsites.
> >
> > jest provides it as virtual pac
Package: node-cosmiconfig,jest
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Both node-cosmiconfig and jest embed Nodejs module callsites.
jest provides it as virtual package node-callsites,
but jest has a much larger (build-dependency tree.
Please consider shifting to provid
Quoting Xavier (2020-12-05 20:42:23)
> Control: tags -1 + pending
>
> Le 05/12/2020 à 19:19, Jonas Smedegaard a écrit :
> > Please consider updating to 1.0rc3 (in preparation for 1.0rc4 which
> > might soon be released, judging from issue tracker chatter).
[...]
>
Package: node-cheerio
Version: 0.22.0-2
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Thanks for packaging Cheerio.
Currently packaged release is the latest upstream stable release,
but was released 4 years ago . 1.0rc1 was released 3.5 years ago
and 1.0rc3 was released 1
Quoting Xavier (2020-12-04 16:35:31)
> Le 04/12/2020 à 15:32, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-04 11:48:58)
> >> Le 03/12/2020 à 19:05, Jonas Smedegaard a écrit :
> >>> Quoting Xavier (2020-12-03 18:30:54)
> >>>> Le
Quoting Xavier (2020-12-04 16:18:58)
> Le 04/12/2020 à 15:32, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-04 11:48:58)
> >> I'll study if node-babel7 can be split into multiple packages. It
> >> took me around 4 hours to split jest correctly...
>
Quoting Xavier (2020-12-04 11:48:58)
> Le 03/12/2020 à 19:05, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-03 18:30:54)
> >> Le 03/12/2020 à 18:07, Jonas Smedegaard a écrit :
> >>> Please provide real (not virtual) package node-jest-worker, and
> >
t' in policy.
And apples are not oranges.
If you meant to put words into my mouth, then please don't.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep privat
you but I might very well be
worse than you in explaining myself and understaning what you write...
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.a
Quoting Xavier (2020-12-03 18:42:17)
> Le 03/12/2020 à 18:21, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-03 17:33:18)
> >> Le 03/12/2020 à 16:36, Jonas Smedegaard a écrit :
> >>> Quoting Xavier (2020-12-03 15:44:48)
> >>>> Le
Quoting Xavier (2020-12-03 18:30:54)
> Control: tags -1 + confirmed
>
> Le 03/12/2020 à 18:07, Jonas Smedegaard a écrit :
> > node-rollup-plugin-terser has a runtime dependency on
> > node-jest-worker.
> >
> > Currently node-jest-worker is provided as a virt
portantly, we should make js *maintenance* less complicated!
But most importantly, we should obey all "should"s in Debian policy:
https://www.debian.org/doc/debian-policy/ch-source.html#embedded-code-copies
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.
Quoting Xavier (2020-12-03 17:33:18)
> Le 03/12/2020 à 16:36, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-03 15:44:48)
> >> Le 03/12/2020 à 15:12, Jonas Smedegaard a écrit :
> >>> Quoting Xavier (2020-12-03 14:35:25)
> >>>> Le 03/12/2020 à 14
Source: node-jest
Version: 26.6.3+ds+~cs64.28.30-1
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
node-rollup-plugin-terser has a runtime dependency on node-jest-worker.
Currently node-jest-worker is provided as a virtual package by jest.
Problem with that is the size of the de
Quoting Xavier (2020-12-03 15:44:48)
> Le 03/12/2020 à 15:12, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-12-03 14:35:25)
> >> Le 03/12/2020 à 14:24, Xavier a écrit :
> >>> Le 03/12/2020 à 12:44, Jonas Smedegaard a écrit :
> >>>> These
Quoting Xavier (2020-12-03 14:35:25)
> Le 03/12/2020 à 14:24, Xavier a écrit :
> > Le 03/12/2020 à 12:44, Jonas Smedegaard a écrit :
> >> These source packages embed nodejs module serialize-javascript
> >> without offering it as virtual binary package:
> >>
&
Quoting Pirate Praveen (2020-12-03 12:29:11)
> On Thu, Dec 3, 2020 at 11:53, Jonas Smedegaard wrote:
> > Please use Debbugs...
> >
> > Debian has an issue tracker called debbugs. Despite its name it can
> > also track other kinds of issues than bugs, including the
Package:
node-compression-webpack-plugin,node-copy-webpack-plugin,node-uglifyjs-webpack-plugin
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
These source packages embed nodejs module serialize-javascript
without offering it as virtual binary package:
node-compression-webp
because it was not tracked in Debbugs. I have moved
aside that old work - please those involved in that mess cherry-pick
anything sensible and then delete the git repo:
https://salsa.debian.org/js-team/node-serialize-javascript.old
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkit
Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard
X-Debbugs-Cc: debian-de...@lists.debian.org, Debian Javascript Maintainers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: node-serialize-javascript
Version : 5.0.1
Upstream Author : Eric Ferraiuolo
Quoting Xavier Guimard (2020-12-01 06:22:15)
> node-typescript-types is deprecated, please embed @types/backbone in
> node-backbone.
Thanks for filing as a formal bugreport!
Working on it...
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Web
proken Debian patch for some revision).
An example of how to resolve and declare such versioned virtual packages
is here: https://salsa.debian.org/js-team/node-uuid/-/commit/85a6729
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website:
Quoting Jonas Smedegaard (2020-11-30 19:31:26)
> Quoting Pirate Praveen (2020-11-30 18:43:27)
> > On Mon, Nov 30, 2020 at 18:32, Jonas Smedegaard wrote:
> > > yarnpkg depends on node-node-uuid.
> > >
> > > node-node-uuid was deprecated 2 yars ago, replac
Quoting Pirate Praveen (2020-11-30 18:43:27)
> On Mon, Nov 30, 2020 at 18:32, Jonas Smedegaard wrote:
> > yarnpkg depends on node-node-uuid.
> >
> > node-node-uuid was deprecated 2 yars ago, replaced by node-uuid.
> >
> > Please change to instead depend on node-
Package: yarnpkg
Version: 1.22.4-4
Severity: grave
Justification: renders package unusable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
yarnpkg depends on node-node-uuid.
node-node-uuid was deprecated 2 yars ago, replaced by node-uuid.
Please change to instead depend on node-uuid.
Raised se
e recently in LLVM
- binaryen 98 is too new to do it and LLVM is too old to do it:
https://github.com/llvm/llvm-project/commit/3bba91f64eef15956f589fa446c265a714cc7893
Here is a minimal code to reproduce that (final parts of) that same
error message (tested in a clean chroot of Debian sid as of
Package: node-webassemblyjs
Version: 1.9.1+repack+~cs10.9.15-1
Severity: minor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Quoting Debian FTP Masters (2020-11-21 09:48:33)
> Changes:
> node-webassemblyjs (1.9.1+repack+~cs10.9.15-1) unstable; urgency=medium
> .
>* Team upload
>* No m
Package: src:node-rollup-plugin-json
Version: 4.1.0+~4.0.0-2
Severity: serious
Justification: Policy 2.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
source contains compiled webassembly code from project wabt.
A corresponding lintian override has the comment "Unused files",
but that's not ok
Package: src:node-rollup-plugin-buble
Version: 0.21.3+~0.19.8-2
Severity: serious
Justification: Policy 2.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
files below packages/wasm/ are source-less compiled wabt code.
Lintian warns about this, but is suppressed with comment "Unused files".
That
Package: node-webassemblyjs
Version: 1.9.1+dfsg+~cs7.7.13-1
Severity: serious
Justification: Policy 2.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
source contains convenience code copy of wabt.js
which consist almost purely of compiled wabt code.
Furthermore, lintian warnings about this iss
e now reverted those changes.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel mailing list
Pkg
11.
>
> No, this log was generated using only the packages from unstable,
> simply by running "sudo apt install emscripten", with the default
> config in "~/.emscripten".
>
> So, llvm-11 was in use, there was no custom config, and there was *no*
> experi
al config, right?
It would be helpful if you could share how far you got using the package
in unstable instead, and no custom config. I.e. using llvm-11.
Yes, I am aware that you already mention it doesn't work, but package in
experimental was a _failed_ experiment to use newer emscripte
eam emscripten developers with this issue.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel mailing list
push node-schema-utils to experimental for now
I suggest filing as a bugreport against node-schema-utils, with
"affects" for all affecting packages, to better track the issue.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.
loader and
maintain it :-)
Kind regards,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel ma
minified using newest upstream
knowledge, and b) reduces risk of getting caught in in a larger package
migration.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep priv
others in the JavaScript team: Please ask first.
(avoid uglifyjs 2, however: It is ancient and unmaintained code!)
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep pri
l) proper package of that
same release win over this odd package.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Quoting Xavier (2020-10-27 14:45:40)
> Le 25/10/2020 à 11:57, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-10-25 11:27:55)
> >> Le 25/10/2020 à 09:06, Pirate Praveen a écrit :
> >>> On 2020, ഒക്ടോബർ 25 10:09:13 AM IST, Debian testing watch
> >>>
dded with consuming packages?
That seems backwards to me - what would be the benefit?
I think it is better to ship legacy library with non-legacy library, to
ease tracking of its continued need and maintain it where there is most
knowledge about the library, but I may be missing something
and your message correctly, or did I miss something?
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel
Quoting Giovanni Mascellani (2020-10-16 11:15:19)
> Il 16/10/20 10:55, Jonas Smedegaard ha scritto:
> > I am working on an update - just takes an awful lot of time for each
> > build - hopefully ready this afternoon :-)
>
> Lovely, although no rush on my side. I just notic
gt; me at the moment, but feel free to change it.
Thanks for the detailed bugreport.
Agreed, the package is broken :-(
I am working on an update - just takes an awful lot of time for each
build - hopefully ready this afternoon :-)
- Jonas
--
* Jonas Smedegaard - idealist & Intern
Control: notfixed -1 1.22.1+dfsg-1
Quoting Jonas Smedegaard (2020-10-06 20:13:52)
> Recent releases of emscripten is architecture-independent.
I stand corrected: While emscripten itself is fully arch-independent,
its ability to succesfully compile _is_ architecture dependent.
E.g. emscrip
Package: node-debbundle-acorn
Version: 8.0.4+ds+~cs13.19.27-3
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
acorn and related packages are now provided by a bundle package.
That's fine.
Problematic, however, that virtual packages are provided without version,
making it har
Quoting Xavier (2020-10-11 17:24:46)
> Le 11/10/2020 à 13:00, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-10-11 10:39:44)
> >> I fixed node-promise and rollup. Now acorn 8 seems ready for
> >> unstable.
> >>
> >> Unless someone disagrees, I
Policy compliant.
Are there already bugs files for these issues? If not, could you please
file bugs about it, so we can track each of them?
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask b
gt;>
> >> There are other issues to solve, but using pdf.js from Debian would
> >> prevent the requirement to use the embedded version.
> >
> > OK, I'll update it
>
> Sadly updating pdf.js requires to update acorn to acorn 7.4. This will
>
se document it here:
https://salsa.debian.org/security-tracker-team/security-tracker/-/blob/master/data/embedded-code-copies
...as documented here: https://wiki.debian.org/EmbeddedCopies
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://
he nodejs ecosystem.
Generally you only need terser if your code is written in too modern
flavor for JavaScript.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep privat
Quoting Pirate Praveen (2020-09-22 13:03:53)
>
>
> On Mon, Sep 21, 2020 at 11:53, Jonas Smedegaard wrote:
> > If you simply mean a loose "don't break reverse dependencies!" and
> > write some suggestions down on a wiki page, then I fully agree: That
> &
Quoting Pirate Praveen (2020-09-21 09:15:46)
>
>
> On 2020, സെപ്റ്റംബർ 21 3:37:01 AM IST, Jonas Smedegaard
> wrote:
> >> I think we should create a release team within js team to handle it
> >> like how release team works for transitions.
> >
> >Wha
t before it was uploaded to unstable.
I agree with the above.
> I think we should create a release team within js team to handle it
> like how release team works for transitions.
What do you mean more concretely?
That only a smaller elite group should (approve) upload to unstable, an
eptable for backports as well.
Just make sure to mention any such changes in changelog.
> Also installing nodejs 12 on buster will break some packages that only
> work with nodejs 10.x. I don't know how to deal with that.
You could add "Breaks:".
- Jonas
--
* Jonas Smedeg
we introduce, compared to
upstream. Beware that ftpmasters _only_ require bundling of extremely
non-complex packages!
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] kee
chroot (either sid or bullseye) and
running "npm --version" does not fail, however.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signa
Quoting Pirate Praveen (2020-09-06 15:12:59)
>
>
> On Sun, Sep 6, 2020 at 15:04, Jonas Smedegaard wrote:
> > a) node-* packages _only_ shipping nodejs library code should _not_
> > depend on nodejs.
> >
>
> Sounds good, may be we should change npm2deb to make
Quoting Pirate Praveen (2020-09-06 14:27:11)
>
>
> On Sun, Sep 6, 2020 at 13:43, Jonas Smedegaard wrote:
> > Today changes was made to several node-* packages, dropping their
> > dependency on nodejs.
> >
> > Perl libraries must depend on perl.
> >
Package: node-entities
Version: 2.0.2-2
Severity: serious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
node-* packages must depend on nodejs -
libjs-* need not (when _only_ targeting browser use).
Changelog for release 2.0.2-2 includes "Drop runtime dependency on nodejs
(to avoid installing n
changes, Praveen.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel mailing list
Pkg-javascript-d
Quoting Xavier (2020-09-03 16:33:10)
> Le 03/09/2020 à 16:28, Jonas Smedegaard a écrit :
> > Quoting Nicolas Mora (2020-09-03 15:49:32)
> >> Hello,
> >>
> >> Concerning embedded modules, this raises me another question.
> >>
> >> Le 20-
red. Obviously code copies *not* required should be *dropped*
rather than reported, and obviously we should not whine about
ftp-masters wrongly forcing us to embed stuff because that's (not true,
and) irrelevant for the security team.
--
* Jonas Smedegaard - idealist & Internet-ark
Quoting Xavier (2020-09-03 16:06:01)
> Le 03/09/2020 à 16:02, Jonas Smedegaard a écrit :
> > Quoting Xavier (2020-09-03 15:43:24)
> >> Le 03/09/2020 à 15:36, Xavier a écrit :
> >>> Le 03/09/2020 à 14:59, Andrius Merkys a écrit :
> >>>> Hi Xavier,
&g
Quoting Andrius Merkys (2020-09-03 15:54:30)
> On 2020-09-03 16:23, Jonas Smedegaard wrote:
> > Quoting Andrius Merkys (2020-09-03 14:59:38)
> >> On 2020-09-03 15:54, Xavier wrote:
> >>> buffer-equal:
> >>> - node-buffer-equal (1.0.0)
> >>
t; @sinonjs/commons to avoid a complex circular dependency with node-sinon.
> In this case no bug, just a known problem.
"known" to whom? It does not seem known to Debian nor to the JavaScript
team - i.e. I fail to see any mention of the reason for that code
embedding in debian/
es might be removed.
Why only "might"?
I fail to see *any* reason for embedded code to continue exist when
available non-embedded. Please enlighten me, anyone...
...or if not, then let us treat such cases as release-critical bugs!
- Jonas
--
* Jonas Smedegaard - idealist &
Package: node-rollup-plugin-babel
Version: 4.4.0-8
Severity: minor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package node-rollup-plugin-babel points to
https://github.com/rollup/rollup-plugin-babel
as its homepage.
That page is the homepage for an archived project.
Seems the package previ
Does anyone have question or objection about this plan?
Sounds good to me. Thanks for the detailed check, and for asking for
advice!
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before
[tiny nudge to bump drop-from-bullseye deadline]
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--
Pkg-javascript-devel mailing
Package: mocha
Version: 7.0.1+ds1-2
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
running mocha for recent releases of project domino fails:
NODE_ENV=test mocha --reporter tap --no-timeout test/domino.js test/index.js
test/parsing.js test/xss.js
/usr/share/nodejs/mocha/lib
package maintenance, I recommend that you discuss the issue of source of
fonts with the font team, as there is collected quite some knowledge and
experience in that team.
Hmm, maybe the fonts team would be a better place after all. Not
sure...
Good luck with the project - seems a great resource
>
> Thanks to the brave new world of embedding eveything and reducing the
> number of js packages. Complicated build systems in favor of reducing
> the metadata size, ftw!
Only the package uploader can be blamed for embedding _everything_!
- Jonas
--
* Jonas Smedegaard - ideal
de-rollup-plugin-buble build depends on the babeljs provides
> >that will not be in bullseye due to #960748.
>
> I think we should add Provides: babeljs to node-babel7.
Only if it provides unversioned executable babeljs.
That should probably be done using dh_installalternatives.
- Jonas
Quoting mer...@debian.org (2020-07-12 06:37:52)
> On 2020-07-11 11:00, Jonas Smedegaard wrote:
> > Reason I suspect upstream-only tracking is wrong is that also Debian
> > changes can change ABI - either deliberately or accidentally. Most
> > notibly by adding/changing
Quoting Andrius Merkys (2020-07-10 11:52:40)
> On 2020-07-10 12:38, Jonas Smedegaard wrote:
> > I suspect you are wrong about relaxing lower bounds to only upstream
> > part.
>
> I got this idea from the way the issue was fixed in node-expat [1].
> Could you explain why
301 - 400 of 616 matches
Mail list logo