After filing https://bugs.debian.org/932500 I realized it would be great to have
some automation in place to automatically pull vulnerabilities from
https://snyk.io and turn them into CVE bugs in BTS.
Thoughts?
Paolo
--
Pkg-javascript-devel mailing list
Processing commands for cont...@bugs.debian.org:
> tags 932500 + security
Bug #932500 [node-mixin-deep] vulnerability: prototype pollution
Added tag(s) security.
> retitle 932500 vulnerability: CVE-2019-10746: prototype pollution
Bug #932500 [node-mixin-deep] vulnerability: prototype pollution
Package: node-mixin-deep
Version: 1.1.3-3
Severity: important
Dear Maintainer,
node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:
https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://github.com/jonschlinkert/mixin-deep/issues/6
Please upgrade to either 1.3.2 or 2.0.1.
Hi all,
I agree to merge them. Following our policy, the source package should be named
jquery.js.
For now we have:
* node-jquery => src:node-jquery
* libjs-jquery => src:jquery
Then if we don't want to upload a new package, I prefer to keep src:jquery as
the source name.
Cheers,
Xavier
Hi,
Historically we did not have the build tools for jquery in the archive, so a
custom build system was created to build libjs-jquery. If there is any change
in the upstream build system, it will be hard to update this build system and since
the same build tools used by upstream are now available