[Pkg-javascript-devel] Bug#932500: Bug#932500: vulnerability: prototype pollution

Le 20/07/2019 à 22:23, Salvatore Bonaccorso a écrit : > Hi Xavier, > > On Sat, Jul 20, 2019 at 05:44:05PM +0200, Xavier wrote: >> Le 20/07/2019 à 06:32, Paolo Greppi a écrit : >>> Package: node-mixin-deep >>> Version: 1.1.3-3 >>> Severity: important &

[Pkg-javascript-devel] Bug#932500: Bug#932500: vulnerability: prototype pollution

212 > https://github.com/jonschlinkert/mixin-deep/issues/6 > > Please upgrade to either 1.3.2 or 2.0.1. > > Thanks, Paolo Hello, here is a proposed fix. Cheers, Xavier diff --git a/debian/changelog b/debian/changelog index 17cb287..74f9154 100644 --- a/debian/changelog +++ b/debian/cha

Re: [Pkg-javascript-devel] packaging node mermaid: Recursion in resolving module

der node_modules/css-to-string-loader + ln -s ../scope-css node_modules/ + ln -s ../moment-mini node_modules/ + ln -s ../css-to-string-loader node_modules/ webpack #override_dh_auto_test: Then error is now: WARNING in ./src/themes ^\.\/.*\/index\.scss$ Module not found: Er

[Pkg-javascript-devel] Bug#932500: Bug#932500: vulnerability: prototype pollution

Le 20/07/2019 à 06:32, Paolo Greppi a écrit : > Package: node-mixin-deep > Version: 1.1.3-3 > Severity: important > > Dear Maintainer, > > node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability: > https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 >

Re: [Pkg-javascript-devel] automatically pulling vulnerabilities from snyk.io

Le 20/07/2019 à 07:11, Paolo Greppi a écrit : > After filing https://bugs.debian.org/932500 I realized it would be great > to have > some automation in place to automatically pull vulnerabilities from > https://snyk.io and turn them into CVE bugs in BTS. > > Thoughts ? > > Paolo Hello, our

Re: [Pkg-javascript-devel] Merging node-jquery and libjs-jquery source packages

Hi all, I agree to merge them. Following our policy, source package should be named jquery.js. For now we have: * node-jquery => src:node-jquery * libjs-jquery => src:jquery Then if we don't want to upload a new package, I prefer to keep src:jquery as source name Cheers, Xavier

[Pkg-javascript-devel] Bug#932400: RM: node-husl -- ROM; Orphaned upstream and replaced by node-hsluv

Package: ftp.debian.org Severity: normal node-husl is no more maintained upstream [1]: it has been replaced by hsluv. This package has no reverse dependencies, I think it can safely be removed form Debian archive. Cheers, Xavier [1]: https://www.npmjs.com/package/husl -- Pkg-javascript-devel

[Pkg-javascript-devel] Bug#927254: closed by Xavier Guimard (Bug#927254: fixed in vue-router.js 3.0.7+ds-1)

ter package: >> >> #927254: libjs-vue-router: ships node module instead of browser one >> >> It has been closed by Xavier Guimard . > > It did not solve my problem. Package libjs-vue-router still provides files > in /usr/share/nodejs: > > $ dpkg -L l

Re: [Pkg-javascript-devel] Bug#932259: ITP: psl.js -- JavaScript domain name parser based on the Public Suffix Lisl

Le 17/07/2019 à 08:35, Xavier Guimard a écrit : > Package: wnpp > Severity: wishlist > Owner: Xavier Guimard > > * Package name: psl.js > Version : 1.2.0 > Upstream Author : Lupo Montero > * URL : https://github.com/lupomontero/psl >

[Pkg-javascript-devel] Bug#932259: ITP: psl.js -- JavaScript domain name parser based on the Public Suffix Lisl

Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: psl.js Version : 1.2.0 Upstream Author : Lupo Montero * URL : https://github.com/lupomontero/psl * License : Expat Programming Lang: JavaScript Description : JavaScript domain name

[Pkg-javascript-devel] autopkgtest rollup test

Hi, rollup does not fail when dependency is not found. I tried this: ... rollup -c autopkgtest_rollup.config.js 2>&1|tee autopkgtest_rollup_log if grep 'Unresolved dependencies' autopkgtest_rollup_log >/dev/null then echo "# /!\ There are some unresolved dependencies" exit 1 fi

[Pkg-javascript-devel] Bug#932022: node-husl: husl has been deprecated and replaced bu hsluv

-RM. Cheers, Xavier [1]: https://www.npmjs.com/package/husl -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] Circular dependencies

Le 12/07/2019 à 11:54, Xavier a écrit : > Hi all, > > I wrote a little wrapper around debtree to display circular dependencies > (https://salsa.debian.org/yadd/djpt/blob/master/circular-deps). > > Example: > $ circular-deps node-buble|graph-easy --png && firefox g

[Pkg-javascript-devel] Circular dependencies

▶ │ node-rollup-plugin-buble │ ──▶ │ node-buble │ ━━▶ │ rollup │ └──┘ └┘ └┘ ▲┃ ┗┛ Cheers

Re: [Pkg-javascript-devel] node-acorn-dynamic-import_4.0.0-1_amd64.changes ACCEPTED into unstable

Le 10/07/2019 à 11:52, Pirate Praveen a écrit : > > > On 2019, ജൂലൈ 10 3:12:37 PM IST, Pirate Praveen > wrote: >> This upload broke node-webpack and node-buble and that means a large >> number of packages now FTBFS. >> > > I think we should revert node-acorn-dynamic-import to 4.0.really.3.0

Re: [Pkg-javascript-devel] Bug#931790: rollup test will also need to use node-rollup-plugin-node-resolve

Le 10/07/2019 à 19:32, Pirate Praveen a écrit : > > > On 2019, ജൂലൈ 10 8:40:21 PM IST, Xavier wrote: >> Le 10/07/2019 à 14:40, Pirate Praveen a écrit : >>> Package: pkg-js-autopkgtest >>> version: 0.8 >>> severity: serious >>> >>

[Pkg-javascript-devel] Bug#931790: Bug#931790: rollup test will also need to use node-rollup-plugin-node-resolve

Le 10/07/2019 à 14:40, Pirate Praveen a écrit : > Package: pkg-js-autopkgtest > version: 0.8 > severity: serious > > autopkgtest_rollup_src.js → autopkgtest_rollup_dest.js... > (!) Generated an empty bundle > (!) Unresolved dependencies >

[Pkg-javascript-devel] Bug#930917: Bug#930917: Bug#930917: Bug#930917: Include import test like require test when package.json#module is present

Le 09/07/2019 à 21:22, Xavier a écrit : > Le 09/07/2019 à 11:27, Pirate Praveen a écrit : >> >> >> On 2019, ജൂലൈ 9 2:12:43 PM IST, Xavier wrote: >>> Hello, >>> >>> pkg-js-autopkgtest launches 2 tests: >>> - a `node -e 're

[Pkg-javascript-devel] Bug#930917: Bug#930917: Bug#930917: Include import test like require test when package.json#module is present

Le 09/07/2019 à 11:27, Pirate Praveen a écrit : > > > On 2019, ജൂലൈ 9 2:12:43 PM IST, Xavier wrote: >> Hello, >> >> pkg-js-autopkgtest launches 2 tests: >> - a `node -e 'require("package")' >> - upstream tests on installed files >> >>

[Pkg-javascript-devel] Bug#931712: node-duplexer3 provides node-duplexer2 but is not usable

After more search, the problem is that if /usr/lib/nodejs/duplexer2 isn't cleaned by dpkg, the link isn't created and the /usr/lib/nodejs/duplexer2 stays empty. -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net

[Pkg-javascript-devel] Bug#931712: node-duplexer3 provides node-duplexer2 but is not usable

Package: node-duplexer3 Version: 0.1.4-4 Severity: grave node-duplexer3 provides node-duplexer2: /usr/lib/nodejs/duplexer2 is a symblik to /usr/lib/nodejs/duplexer3. Nodejs now looks at package.json "name" field and refuse to load it: $ node -e 'require("duplexer2")'

[Pkg-javascript-devel] Bug#930917: Include import test like require test when package.json#module is present

Hello, pkg-js-autopkgtest launches 2 tests: - a `node -e 'require("package")' - upstream tests on installed files is it enough ? -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#931675: pkg-js-autopkgtest: pkg-js-tools should link files from /usr/share/nodejs and /usr/lib/<$DEB_HOST_MULTIARCH>/nodejs

Package: pkg-js-autopkgtest Version: 0.5 Severity: important nodejs packages can install files in /usr/share/nodejs or /usr/lib/<$DEB_HOST_MULTIARCH>/nodejs while pkg-js-autopkgtest links only files from /usr/lib/nodejs. This has to be updated -- Pkg-javascript-devel mailing list

[Pkg-javascript-devel] Bug#931654: node-json3: json3 is no more maintained

Package: node-json3 Severity: normal Tags: security upstream According to https://github.com/bestiejs/json3, node-json3 is no more maintained and easy to replace by native JSON.parse/JSON.stringify functions. A ROM-RM issue is opened (#931653). This one will avoid testing migration. --

Re: [Pkg-javascript-devel] Comments regarding acorn_6.1.1+ds+~0.3.1+~4.0.0+~1.0.0+~5.0.1+ds+~1.6.2+ds-1_amd64.changes

Hello, To avoid having too many little node packages, ftpmasters asked us to group packages. To be able to follow these grouped packages, uscan was modified and we wrote this draft: https://wiki.debian.org/Javascript/GroupSourcesTutorial Cheers, Xavier Le 7 juillet 2019 17:38:05 GMT+02:00

Re: [Pkg-javascript-devel] Request to join the Debian JavaScript Maintainers group

Le 26/06/2019 à 12:34, Kyle Robbertze a écrit : > On 2019/06/26 06:49, Xavier wrote: >> Le 25/06/2019 à 23:37, Debian GitLab a écrit : >>> Kyle Robbertze <https://salsa.debian.org/paddatrapper> requested >>> Developer access to the Debian JavaScript Maintainers >

Re: [Pkg-javascript-devel] Request to join the Debian JavaScript Maintainers group

ad our docs: * https://wiki.debian.org/Javascript/Nodejs/Manual * https://wiki.debian.org/Javascript/Policy * https://wiki.debian.org/Javascript/GroupSourcesTutorial Cheers, Xavier -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin

Re: [Pkg-javascript-devel] need help with building node-dagre-d3-renderer with webpack

Le 25/06/2019 à 09:52, Pirate Praveen a écrit : > Control: tag -1 help > > On Sat, 08 Jun 2019 20:48:32 +0500 Pirate Praveen > wrote:> This library is a dependency of > gitlab. Since it uses babel and webpack >> to generate ES5 code, it is not suitable for embedding. > > With node-d3 in

Re: [Pkg-javascript-devel] Bug#930963: node-d3-queue autopkgtest failure because of not copying entire source tree

th: > '/tmp/autopkgtest-lxc.gksjxq9s/downtmp/autopkgtest_tmp/smoke5njYFC/test/../README.md' > } Hi, you can use debian/tests/pkg-js/files to specify which files are needed for test. See my change here: https://salsa.debian.org/js-team/node-d3-queue/commit/0acb515 Cheers, Xavier -- Pkg-ja

[Pkg-javascript-devel] Bug#930618: node-terser does not install file mentioned in package.json's main field and fails Error: Cannot find module 'terser'

Le 21/06/2019 à 06:04, Pirate Praveen a écrit : > > > On 2019, ജൂൺ 20 5:08:24 PM IST, Xavier wrote: >> Hello, >> >> there is something wrong with your patch: >> W: node-terser source: binaries-have-file-conflict node-terser >> uglifyjs.terser usr/lib/nodej

[Pkg-javascript-devel] Bug#930618: node-terser does not install file mentioned in package.json's main field and fails Error: Cannot find module 'terser'

Hello, there is something wrong with your patch: W: node-terser source: binaries-have-file-conflict node-terser uglifyjs.terser usr/lib/nodejs/terser/dist/bundle.js Your link overrides a regular file -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net

Re: [Pkg-javascript-devel] Bug#930439: gitlab's webpack is failing to find node-chartjs

Le 13/06/2019 à 07:35, Pirate Praveen a écrit : > > > On 2019, ജൂൺ 13 10:06:25 AM IST, Xavier wrote: >> Le 13/06/2019 à 06:32, Pirate Praveen a écrit : >>> Control: severity -1 grave >>> >>> On 2019, ജൂൺ 13 12:20:23 AM IST, Xavier wrote: >&

Re: [Pkg-javascript-devel] Bug#930439: gitlab's webpack is failing to find node-chartjs

Le 13/06/2019 à 06:32, Pirate Praveen a écrit : > Control: severity -1 grave > > On 2019, ജൂൺ 13 12:20:23 AM IST, Xavier wrote: >> Fixed in salsa. Do you think this requires an unblock ? > > Yes Done, #930444 -- Pkg-javascript-devel mailing list Pkg-javascript-devel@al

Re: [Pkg-javascript-devel] Bug#930439: gitlab's webpack is failing to find node-chartjs

Le 12/06/2019 à 20:15, Pirate Praveen a écrit : > package: node-chart.js > severity: important > version: 2.7.3+dfsg-3 > > webpack is able to find other packaged modules like autosize, > brace-expasion etc so it is likely a bug with node-chart.js > > ERROR in

Re: [Pkg-javascript-devel] Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 06/06/2019 à 23:09, Xavier a écrit : > Le 06/06/2019 à 22:28, Xavier a écrit : >> Le 06/06/2019 à 09:07, Pirate Praveen a écrit : >>> >>> >>> On 2019, ജൂൺ 6 11:00:16 AM IST, Xavier wrote: >>>> My reducejs tool gives a new analysis: >>>

[Pkg-javascript-devel] Bug#872433: [with solution] Doesn't find modules installed in Debian directories

Hello, proposed patch can't be applied on stretch package. -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 06/06/2019 à 22:28, Xavier a écrit : > Le 06/06/2019 à 09:07, Pirate Praveen a écrit : >> >> >> On 2019, ജൂൺ 6 11:00:16 AM IST, Xavier wrote: >>> My reducejs tool gives a new analysis: >>> * downgraded modules to embed >>> - process-nex

[Pkg-javascript-devel] Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 06/06/2019 à 09:07, Pirate Praveen a écrit : > > > On 2019, ജൂൺ 6 11:00:16 AM IST, Xavier wrote: >> My reducejs tool gives a new analysis: >> * downgraded modules to embed >> - process-nextick-args : 2.0.0 => 1.0.7 > > This is handled by a patch. >

[Pkg-javascript-devel] Bug#929829: Bug#929829: Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 05/06/2019 à 22:48, Xavier a écrit : > Le 03/06/2019 à 22:23, Xavier a écrit : >> Le 01/06/2019 à 12:14, Pirate Praveen a écrit : >>> ... >>> gulp build >>> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel >>> [15:37:17]

[Pkg-javascript-devel] Bug#929829: Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 03/06/2019 à 22:23, Xavier a écrit : > Le 01/06/2019 à 12:14, Pirate Praveen a écrit : >> ... >> gulp build >> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel >> [15:37:17] Try running: npm install >> [15:37:17] Using globally i

[Pkg-javascript-devel] Bug#929829: Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 03/06/2019 à 22:23, Xavier a écrit : > Le 01/06/2019 à 12:14, Pirate Praveen a écrit : >> ... >> gulp build >> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel >> [15:37:17] Try running: npm install >> [15:37:17] Using globally i

[Pkg-javascript-devel] Bug#929829: Bug#929829: gulp 4 cannot build node-babel 7 - Cannot convert undefined or null to object

Le 01/06/2019 à 12:14, Pirate Praveen a écrit : > ... > gulp build > [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel > [15:37:17] Try running: npm install > [15:37:17] Using globally installed gulp > [15:37:17] Using gulpfile

Re: [Pkg-javascript-devel] gulp 4 transition: help needed

Le 31/05/2019 à 17:19, Pirate Praveen a écrit : > Hi, > > I just uploaded gulp 4 to experimental. I had to embed about 50+ node > modules in it (plus many more in node-vinyl-fs). I have left one lintian > error about source missing since there is no easy way to exclude it (see > #929805). > >

Re: [Pkg-javascript-devel] Fix for d3-scale-chtomatic ; request for the package to be uploaded

Le 30/05/2019 à 12:23, Nilesh Patra a écrit : > I have committed the changes in > https://salsa.debian.org/js-team/node-d3-scale-chromatic/tree/master/debian > , as asked . > It is my humble request to you for uploading this package. > Thanks > Regards > Nilesh Pushed, thanks --

Re: [Pkg-javascript-devel] Fix for d3-scale-chtomatic ; request for the package to be uploaded

t; Nilesh Hello, autopkgtest didn't work, also you duplicated some autopkgtests. Here are my changes. Could you commit this directly in g...@salsa.debian.org:js-team/node-d3-scale-chromatic.git ? Cheers, Xavier diff --git a/debian/control b/debian/control index 5946dc8..2044588 100644 --- a/

[Pkg-javascript-devel] Bug#929654: Bug#929654: Outdated node-unicode-property-value-aliases results in incomplete package rebuild

Control: severity -1 important Le 28/05/2019 à 00:11, Daniel Drake a écrit : > Package: node-unicode-12.0.0 > Version: 0~20190414+gitbf518e99-2 > > node-unicode-data 0~20190414+gitbf518e99-2 was originally built > successfully and correctly under sid, and then the binaries were > imported to

[Pkg-javascript-devel] Fwd: release.debian.org: [pre-approval] testing-proposed-updates for unicode changes

rollup salvage in progress... Message transféré Sujet : release.debian.org: [pre-approval] testing-proposed-updates for unicode changes Date : Thu, 23 May 2019 20:51:13 +0200 De : Xavier Guimard Pour : Debian Bug Tracking System Package: release.debian.org Severity: normal

Re: [Pkg-javascript-devel] Bug#929447: acorn build-depends on cruft package node-unicode-11.0.0

Le 23/05/2019 à 19:57, Peter Michael Green a écrit : > package: node-regenerate-unicode-properties > version: 7.0.0+ds-1 > severity: serious > > node-regenerate-unicode-properties build-depends on node-unicode-11.0.0 > which is no longer built by source package node-unicode-data. It appears > to

Re: [Pkg-javascript-devel] Bug#929448: node-regexpu-core build-depends on cruft package node-unicode-11.0.0

Le 23/05/2019 à 20:03, Peter Michael Green a écrit : > package: node-regexpu-core > version: 4.4.0+ds-1 > severity: serious > > node-regexpu-core build-depends on node-unicode-11.0.0 which is no > longer built by source package node-unicode-data. It appears to have > been replaced by

Re: [Pkg-javascript-devel] ?==?utf-8?q? Using GroupedSources for gulp

Le Mardi, Mai 21, 2019 15:30 CEST, Pirate Praveen a écrit: > > > On Tue, May 21, 2019 at 12:53 AM, Xavier wrote: > > Unable to reproduce, still works fine: > > > > $ head debian/changelog -n 2 > > node-gulp (4.0.2-1) unstable; urgency=medium > >

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 20/05/2019 à 21:25, Xavier a écrit : > Le 20/05/2019 à 21:23, Xavier a écrit : >> Le 20/05/2019 à 20:47, Utkarsh Gupta a écrit : >>> Hey, >>> >>> On 20/05/19 11:28 pm, Xavier wrote: >>>> Le 20/05/2019 à 19:24, Pirate Praveen a écrit : >>&

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 20/05/2019 à 21:23, Xavier a écrit : > Le 20/05/2019 à 20:47, Utkarsh Gupta a écrit : >> Hey, >> >> On 20/05/19 11:28 pm, Xavier wrote: >>> Le 20/05/2019 à 19:24, Pirate Praveen a écrit : >>>> version=4 >>>> >>

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 20/05/2019 à 20:47, Utkarsh Gupta a écrit : > Hey, > > On 20/05/19 11:28 pm, Xavier wrote: >> Le 20/05/2019 à 19:24, Pirate Praveen a écrit : >>> version=4 >>> >>> opts=\ >>> dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$//,\ >>> fi

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 20/05/2019 à 19:24, Pirate Praveen a écrit : > version=4 > > opts=\ > dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$//,\ > filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/node-gulp-$1.tar.gz/ \ > https://github.com/gulpjs/gulp/tags .*/archive/v?([\d\.]+).tar.gz group > >

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 20/05/2019 à 18:53, Pirate Praveen a écrit : > In debian/watch no matching hrefs for version When "ignore" is missing, uscan search gulp-cli with exactly the same version than gulp ;-) -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 19/05/2019 à 20:03, Pirate Praveen a écrit : > > > On Sun, May 19, 2019 at 9:24 PM, Xavier wrote: >> Then don't use "group", and add "ignore" on gulp-cli only. > > It creates only ../node-gulp_4.0.2.orig.tar.gz > > Is it not expected to

[Pkg-javascript-devel] Bug#927254: Bug#927254: Bug#927254: libjs-vue-router: ships node module instead of browser one

Le 14/05/2019 à 11:41, Dmitry Bogatov a écrit : > > [2019-04-22 09:56] Dmitry Bogatov >>> Provided files are not node-* ones but recompiled using rollup. Could >>> you check if Laminar works well with >>> https://unpkg.com/vue-router@3.0.2/dist/vue-router.js file ? (same >>> version than in

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 19/05/2019 à 17:52, Pirate Praveen a écrit : > > > On Sun, May 19, 2019 at 9:08 PM, Xavier wrote: >> Le 19/05/2019 à 16:34, Pirate Praveen a écrit : >>>  Hi, >>> >>>  I have been using >>>  https://wiki.debian.org/Javascript/Nodejs/Npm2De

Re: [Pkg-javascript-devel] Using GroupedSources for gulp

Le 19/05/2019 à 16:34, Pirate Praveen a écrit : > Hi, > > I have been using > https://wiki.debian.org/Javascript/Nodejs/Npm2Deb/Embedding till now. > > I want to try to use > https://wiki.debian.org/Javascript/GroupSourcesTutorial for gulp 4.0 (to > embed gulp-cli 2.2.0) > > This is the watch

[Pkg-javascript-devel] Bug#928827: Bug#928827: libjs-jquery: Minified version of jquery.js (jquery.min.js) throws syntax error

Control: fixed -1 3.1.1-1 Control: notfound -1 1.7.2+dfsg-3.2 Control: tags -1 confirmed Le 11/05/2019 à 21:52, Harald Oest a écrit : > Package: libjs-jquery > Version: 1.7.2+dfsg-3.2+deb8u6 > Severity: normal > > Dear Maintainer, > > the minified jquery library

Re: [Pkg-javascript-devel] nmu: node-unicode-*

Le 09/05/2019 à 13:01, Paul Gevers a écrit : > ... > This package is arch:all. Somebody needs to do a source upload. > > There is a newer version already in unstable than in buster, so don't > expect this package to migrate to buster. > > Paul Hi all, Please stop uploading new versions to

[Pkg-javascript-devel] Bug#928645: Bug#928645: RFI: replacement of touch module with fs

Le 08/05/2019 à 10:49, Ritesh Raj Sarraf a écrit : > Package: node-lockfile > Version: 1.0.4 > Severity: normal > > Hi, > > This is mostly about trying to determine the reason for the change. > I noticed that in patch `remove-touch.patch`, the requirement for `touch` > module is worked around by

[Pkg-javascript-devel] Bug#928645: Bug#928645: RFI: replacement of touch module with fs

Le 08/05/2019 à 11:22, Xavier a écrit : > Le 08/05/2019 à 10:49, Ritesh Raj Sarraf a écrit : >> Package: node-lockfile >> Version: 1.0.4 >> Severity: normal >> >> Hi, >> >> This is mostly about trying to determine the reason for the change. &

Re: [Pkg-javascript-devel] Strange license : not DSFG-compliant, but...

Le 08/05/2019 à 10:45, Julien Puydt a écrit : > Hi, > > I think it just doesn't make sense : > http://jscolor.com/download/ > > in any case, it certainly isn't DFSG-compliant. > > Still, I'd like some feedback on the matter... if only to understand the > situation better before I try to get

[Pkg-javascript-devel] Bug#927716: Bug#927716: CVE-2018-1109

Le 26/04/2019 à 19:40, Xavier a écrit : > [...] > Hello, > > The regex that causes CVE-2018-1109 was introduced in upstream version > 2.2.0, commit dcc1acab [1]. So Buster node-braces seems not concerned by > this CVE. > > https://snyk.io/vuln/npm:braces:20180219 extract

[Pkg-javascript-devel] Bug#927716: CVE-2018-1109

Le 25/04/2019 à 13:41, Xavier a écrit : > Control: tags -1 + moreinfo > > Le 22/04/2019 à 07:38, Xavier a écrit : >> Le 21/04/2019 à 22:33, Moritz Muehlenhoff a écrit : >>> Package: node-braces >>> Severity: important >>> Tags: security >>> >

[Pkg-javascript-devel] Bug#927716: Bug#927716: Bug#927716: CVE-2018-1109

Control: tags -1 + moreinfo Le 22/04/2019 à 07:38, Xavier a écrit : > Le 21/04/2019 à 22:33, Moritz Muehlenhoff a écrit : >> Package: node-braces >> Severity: important >> Tags: security >> >> Please see https://snyk.io/vuln/npm:braces:20180219 >> >> P

[Pkg-javascript-devel] Bug#927716: Bug#927716: CVE-2018-1109

Le 21/04/2019 à 22:33, Moritz Muehlenhoff a écrit : > Package: node-braces > Severity: important > Tags: security > > Please see https://snyk.io/vuln/npm:braces:20180219 > > Patch: > https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 > > Cheers, >

[Pkg-javascript-devel] Bug#927254: Bug#927254: libjs-vue-router: ships node module instead of browser one

Le 17/04/2019 à 00:44, Dmitry Bogatov a écrit : > > Package: libjs-vue-router > Version: 3.0.2+ds-1 > Severity: normal > > Dear Maintainer, > > I am working on packaging Laminar CI system, and libjs-vue-router is one > of its dependencies. Upstream build system of Laminar downloads its >

Re: [Pkg-javascript-devel] jquery_3.3.1~dfsg-2_sourceonly.changes ACCEPTED into unstable

ascript Maintainers > > Changed-By: Xavier Guimard > Closes: 927385 > Changes: > jquery (3.3.1~dfsg-2) unstable; urgency=medium > . >* Team upload >* Add patch to prevent Object.prototype pollution (Closes: #927385) >* Upgrade links to https > > Thank y

[Pkg-javascript-devel] Bug#927361: unblock: node-superagent/0.20.0+dfsg-2

sidered as RC bug, so I think it is needed and low risky to unblock node-superagent. Cheers, Xavier diff --git a/debian/changelog b/debian/changelog index 0df52d2..e52f880 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +node-superagent (0.20.0+dfsg-2) unstable; urgency=mediu

[Pkg-javascript-devel] Bug#927202: unblock: node-url-parse/1.2.0-2

eam/metadata Reverse dependencies: node-url-parse +-> node-original +-> node-eventsource No end-user package depends on node-url-parse, so I think it is low risky to upgrade node-url-parse. Cheers, Xavier unblock node-url-parse/1.2.0-2 diff --git a/debian/changelog b/debian/changelog inde

Re: [Pkg-javascript-devel] Bug#927034: simile-timeline: lack of Japan's new era 令和 (Reiwa)

Le 14/04/2019 à 17:26, W. Martin Borgert a écrit : > On 2019-04-14 09:15, Xavier wrote: >> I updated this package to add Reiwa Era and some other things. However, >> I found that it embeds an old version of JQuery (1.2.6). Perhaps this >> should not be included in Buster.

Re: [Pkg-javascript-devel] Request to join the Debian JavaScript Maintainers group

Le 14/04/2019 à 09:14, Graham Inggs a écrit : > On Sat, 13 Apr 2019 at 12:03, Xavier wrote: >> No problem for me. Please use pkg-js-tools for tests and autopkgtest >> (https://salsa.debian.org/js-team/pkg-js-tools/tree/master/doc/autopkgtest#readme). > > Thanks for

Re: [Pkg-javascript-devel] Bug#927034: simile-timeline: lack of Japan's new era 令和 (Reiwa)

Le 14/04/2019 à 09:15, Xavier a écrit : > Le 14/04/2019 à 01:01, Nobuhiro Iwamatsu a écrit : >> Source: simile-timeline >> Version: 2.3.0+dfsg1-2 >> Severity: important >> >> Dear Maintainer, >> >> Japan's new era 令和 (Reiwa) will be started at 2019/5/1

Re: [Pkg-javascript-devel] Bug#927034: simile-timeline: lack of Japan's new era 令和 (Reiwa)

eds an old version of JQuery (1.2.6). Perhaps this should not be included in Buster. Cc to uploaders. Cheers, Xavier $ apt-cache rdepends --recurse libjs-simile-timeline libjs-simile-timeline Reverse Depends: debian-timeline debian-timeline Reverse Depends: Changes: * Team upload

[Pkg-javascript-devel] Bug#927015: Bug#927015: node-serve-static: FTBFS (failing tests)

Control: tags -1 + confirmed Le 13/04/2019 à 18:17, Santiago Vila a écrit : > Package: src:node-serve-static > Version: 1.6.4-2 > Severity: serious > Tags: ftbfs > > Dear maintainer: > > I tried to build this package in buster but it failed: > >

Re: [Pkg-javascript-devel] Request to join the Debian JavaScript Maintainers group

Le 13/04/2019 à 10:00, Graham Inggs a écrit : > I intend to fix the autopkgtests of the packages below. I'll also > update the VCS for Salsa at the same time. Please let me know if > there are any objections. > > node-ansi > node-archy > node-bl > node-clarinet > node-content-disposition >

Re: [Pkg-javascript-devel] Request to join the Debian JavaScript Maintainers group

Le 13/04/2019 à 08:11, Debian GitLab a écrit : > Graham Inggs requested Developer > access to the Debian JavaScript Maintainers > group. Welcome on board ! -- Pkg-javascript-devel mailing list

[Pkg-javascript-devel] Bug#926763: node-miller-rabin: Probably bad implementation of Miller-Rabin

Package: node-miller-rabin Version: 4.0.1-4 Severity: normal Tags: upstream Forwarded: https://github.com/indutny/miller-rabin/issues/9 As reported in #926720, correctly implemented Miller-Rabin test should have false positives only with negligible probability. See https://bugs.debian.org/926720

[Pkg-javascript-devel] Bug#926720: Bug#926720: node-miller-rabin: FTBFS randomly (uses a non-prime to test the test)

Le 09/04/2019 à 21:16, Jakub Wilk a écrit : > * Santiago Vila , 2019-04-09, 15:32: >> AFAIK, this being a primality test, I assume the outcome is either >> "not prime" or "maybe prime", so the only way to test the test is by >> giving a known prime and expect "maybe prime" as output. >> >> So: Why

[Pkg-javascript-devel] Bug#926616: Fwd: Bug#926650 closed by Ivo De Decker (unblock node-deep-extend)

node-deep-extend 0.4.1-2 is unblocked Message transféré Sujet : Bug#926650 closed by Ivo De Decker (unblock node-deep-extend) Date : Mon, 08 Apr 2019 14:36:04 + De : Debian Bug Tracking System Répondre à : 926...@bugs.debian.org Pour : Xavier Guimard

[Pkg-javascript-devel] Bug#926650: unblock: node-deep-extend/0.4.1-2

atch seems to have no consequences on normal node-deep-extend usage, I think it is low risky to unblock node-deep-extend. Patch comes from https://github.com/unclechu/node-deep-extend/commit/9423fae877e2ab6b4aecc4db79a0ed63039d4703 (I just taked the useful part of it). Cheers, Xavier [1]: h

[Pkg-javascript-devel] Bug#926616: Bug#926616: CVE-2018-3750: Prototype Pollution

Control: tags -1 + security Le 08/04/2019 à 00:22, Jeff Cliff a écrit : > Package: node-deep-extend > Version: 0.4.1-1 > Severity: important > > Dear Maintainer, > > As per the ubuntu bug report: > > from https://snyk.io/vuln/npm:deep-extend:20180409 : > > deep-extend "all the listed modules

Re: [Pkg-javascript-devel] Request for review: src:node-ansi-up

update > * upstream tests pass Modified to use pkg-js-tools and so enable upstream test in autopkgtest > * debian/tests/require is successful Removed and replaced by pkg-js-tools/pkg-js-autopkgtest It looks good now for me Cheers, Xavier > What is not done: > > * I do no

Re: [Pkg-javascript-devel] node-yamljs updated

Le 30/03/2019 à 12:39, Xavier a écrit : > Hello, > > I updated node-yamljs, please check my changes to see if all is OK and > ready to push. > > Following our policy, source package should be renamed yamljs.js > (provides node-yamljs and libjs-yamljs). > >

[Pkg-javascript-devel] node-yamljs updated

Hello, I updated node-yamljs, please check my changes to see if all is OK and ready to push. Following our policy, source package should be renamed yamljs.js (provides node-yamljs and libjs-yamljs). Cheers, Xavier https://salsa.debian.org/js-team/node-yamljs -- Pkg-javascript-devel mailing

[Pkg-javascript-devel] Bug#925614: unblock: node-external-editor/2.0.4+dfsg-2

s, I think it is not risky to unblock node-external-editor. Cheers, Xavier [1]: https://ci.debian.net/data/packages/unstable/amd64/n/node-external-editor/latest-autopkgtest/log.gz unblock node-external-editor/2.0.4+dfsg-2 -- System Information: Debian Release: buster/sid APT prefers testing APT po

[Pkg-javascript-devel] Bug#925517: Bug#925517: Non-NSA/Microsoft upstream repo, new version

Le 26/03/2019 à 19:04, Jeffrey Cliff a écrit : > 2.0.0 was the version when Microsoft captured Github.  That's the newest > one I have, but thankfully that's as new as is needed by the version of > eslint in RFP. > > I prefer to do my contributions anonymously.  I am not the author. > >>

[Pkg-javascript-devel] Bug#925517: Bug#925517: Non-NSA/Microsoft upstream repo, new version

Le 26/03/2019 à 17:53, Jeffrey Cliff a écrit : > I don't use NSA/Microsoft github so I'll assume you mean to update the > readme in the repo I control, which I have added a note to.  Is there > anything in specific you are interested in my adding? > > On Tue, 26 Mar 2019 a

Re: [Pkg-javascript-devel] Giuseppe Pereira Interesting to join js-team

Hello, join us on https://salsa.debian.org/js-team and read our docs: * https://wiki.debian.org/Javascript * https://wiki.debian.org/Javascript/Tutorial Cheers, Xavier -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#924807: Bug#924807: Bug#924807: Bug#924807: Bugs come from conflict between node-uglify and node-uglify-js

Le 18/03/2019 à 06:19, Xavier a écrit : > Le 18/03/2019 à 00:02, Jonas Smedegaard a écrit : >> Quoting Jonas Smedegaard (2019-03-17 23:48:57) >>> Quoting Xavier (2019-03-17 23:12:51) >>>> Control: reassign 924807 uglify-js >>>> Control: reassign 924809 u

[Pkg-javascript-devel] Bug#924807: Bug#924807: Bug#924807: Bugs come from conflict between node-uglify and node-uglify-js

Le 18/03/2019 à 00:02, Jonas Smedegaard a écrit : > Quoting Jonas Smedegaard (2019-03-17 23:48:57) >> Quoting Xavier (2019-03-17 23:12:51) >>> Control: reassign 924807 uglify-js >>> Control: reassign 924809 uglify-js >>> Control: merge 924807 924809 >>>

[Pkg-javascript-devel] Bug#924807: Bug#924807: Bugs come from conflict between node-uglify and node-uglify-js

Le 17/03/2019 à 23:12, Xavier a écrit : > Bug seems to come from conflict between > https://tracker.debian.org/pkg/uglify-js and > https://tracker.debian.org/pkg/uglifyjs: webpack can't now be installed > with uglifyjs node-jscharset build-depends on both webpack and uglifyjs: * web

[Pkg-javascript-devel] Bug#924809: Bugs come from conflict between node-uglify and node-uglify-js

Control: reassign 924807 uglify-js Control: reassign 924809 uglify-js Control: merge 924807 924809 Bug seems to come from conflict between https://tracker.debian.org/pkg/uglify-js and https://tracker.debian.org/pkg/uglifyjs: webpack can't now be installed with uglifyjs Le 17/03/2019 à 19:05,

Re: [Pkg-javascript-devel] Access to js-team on Salsa

tember/027849.html => https://wiki.debian.org/Javascript/GroupSourcesTutorial). Cheers, Xavier -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#853035: Bug#853035: fixed in node-liftoff 2.3.0-3

Le 15/03/2019 à 20:40, Chris Lamb a écrit : > Chris Lamb wrote: > >>> I didn't find other ways to fix these FTBFS than: >> >> >> >> Thank you. However, can I just underline: >> If this was the "only" way to fix the problem, that should be documented in the package and in the changelog,

[Pkg-javascript-devel] Bug#924589: Decrease severity

Control: severity -1 important Package seems usable with its 2 reverse dependencies: node-superagent which is a dependency of node-multiparty. Only node-multiparty package provides real test. I tested both build and autopkgtest with the 2 versions of node-formidable (old and upgraded) with

[Pkg-javascript-devel] Bug#924589: node-formidable: Unusable with Node.js >= 7

:12) at IncomingForm.writeHeaders (/usr/lib/nodejs/formidable/incoming_form.js:125:8) at IncomingForm.parse (/usr/lib/nodejs/formidable/incoming_form.js:117:8) ... According to https://github.com/felixge/node-formidable it has to be upgraded at least to version 1.1.1 Cheers, Xavier -- Sys

[Pkg-javascript-devel] Bug#924486: ITP: node-nodemailer -- Node.js library to send mails

Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: node-nodemailer Version : 5.1.1 Upstream Author : Andris Reinman * URL : https://nodemailer.com/ * License : Expat Programming Lang: Javascript Description : Node.js library to send

<    4   5   6   7   8   9   10   11   >