/debian/changelog
index 70f10cb..880adff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-lodash (4.17.11+dfsg-2+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Fix prototype pollution (Closes: #933079, CVE-2019-10744)
+
+ -- Xavier Guimard Tue, 13 Aug 2019 19:02
Package: node-yallist
Version: 3.0.3-1
Severity: important
node-yallist does not install iterator.js which make it partially
unusable. Please fix install.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable')
Architecture:
Package: pkg-js-tools
Version: 0.8.1
Severity: wishlist
After component automatic install, I'd like to propose a default
installer when debian/install is missing.
Other languages have tools to install automatically libraries in the
good place. Sadly we don't have any tool for this. That's why
Package: pkg-js-tools
Version: 0.8.1
Severity: wishlist
When using components in node modules, the best way to use them is to
install them in node_modules/ directory. However, dpkg-source install
them at the top source directory under a directory named by "component"
field value (debian/watch).
Package: ftp.debian.org
Severity: normal
node-husl is no more maintained upstream [1]: it has been replaced by
hsluv.
This package has no reverse dependencies, I think it can safely be
removed form Debian archive.
Cheers,
Xavier
[1]: https://www.npmjs.com/package/husl
--
Pkg-javascript-devel
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: psl.js
Version : 1.2.0
Upstream Author : Lupo Montero
* URL : https://github.com/lupomontero/psl
* License : Expat
Programming Lang: JavaScript
Description : JavaScript domain name
Source: node-husl
Severity: important
Tags: security
Hi all,
husl module is replaced by hsluv, so node-husl is no more upstream
maintained [1].
This module seems unused anywhere in dependencies so perhaps can we simply
remove it from unstable/testing.
If noone disagrees, I plan to launch a
Package: node-duplexer3
Version: 0.1.4-4
Severity: grave
node-duplexer3 provides node-duplexer2: /usr/lib/nodejs/duplexer2 is a
symblik to /usr/lib/nodejs/duplexer3. Nodejs now looks at package.json
"name" field and refuse to load it:
$ node -e 'require("duplexer2")'
Package: pkg-js-autopkgtest
Version: 0.5
Severity: important
nodejs packages can install files in /usr/share/nodejs or
/usr/lib/<$DEB_HOST_MULTIARCH>/nodejs while pkg-js-autopkgtest links
only files from /usr/lib/nodejs. This has to be updated
--
Pkg-javascript-devel mailing list
Package: node-json3
Severity: normal
Tags: security upstream
According to https://github.com/bestiejs/json3, node-json3 is no more
maintained and easy to replace by native JSON.parse/JSON.stringify
functions.
A ROM-RM issue is opened (#931653). This one will avoid testing
migration.
--
+ * Fix debian/copyright format URL
+ * Add upstream/metadata
+
+ -- Xavier Guimard Thu, 18 Apr 2019 14:22:09 +0200
+
node-superagent (0.20.0+dfsg-1) unstable; urgency=medium
* Imported Upstream version 0.20.0+dfsg
diff --git a/debian/control b/debian/control
index 8a9adb8..4207e63 100644
---
6058, CVE-2018-3774)
+ * Enable upstream tests using pkg-js-tools. This adds node-deep-eql,
+node-object-inspect and node-pathval in build dependencies
+ * Fix VCS fields
+ * Fix debian/copyright format URL
+ * Fix description (trailing whitespaces)
+ * Add upstream/metadata
+
+ -- Xavier Guim
Package: node-miller-rabin
Version: 4.0.1-4
Severity: normal
Tags: upstream
Forwarded: https://github.com/indutny/miller-rabin/issues/9
As reported in #926720, correctly implemented Miller-Rabin test should
have false positives only with negligible probability.
See https://bugs.debian.org/926720
elds
+ * Fix debian/copyright years
+ * Add upstream/metadata
+ * Change section to javascript
+
+ -- Xavier Guimard Mon, 08 Apr 2019 14:52:06 +0200
+
node-deep-extend (0.4.1-1) unstable; urgency=medium
- * Initial release
+ * Initial release
-- Thorsten Alteholz Mon, 22 Feb 2016 18:1
Vcs fields for migration to https://salsa.debian.org/
+
+ [ Xavier Guimard ]
+ * Add upstream/metadata
+ * Update debian/copyright format URL
+ * Test: replace the use of deprecated "--compilers" by a test on generated
+files (fixes debci)
+ * Use debian/clean instead of an override
+
Package: node-formidable
Version: 1.0.13-1
Severity: grave
Tags: upstream
Justification: renders package unusable
node-formidable is unusable with Node.js >=7:
Error [ERR_NO_LONGER_SUPPORTED]: Buffer.write(string, encoding, offset[,
length]) is no longer supported
at Buffer.write
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: node-nodemailer
Version : 5.1.1
Upstream Author : Andris Reinman
* URL : https://nodemailer.com/
* License : Expat
Programming Lang: Javascript
Description : Node.js library to send
Package: node-almond
Severity: important
Tags: patch, pending
Hello,
node-almond shoul install package.json else a simple "require('alond')"
will fail.
Patched in https://salsa.debian.org/georgesk/almond/merge_requests/1
-- System Information:
Debian Release: buster/sid
APT prefers testing
Package: node-almond
Severity: important
Tags: pending
Hello,
node-almond installs files in /usr/lib/nodejs/node-almond which is
wrong: a simple `require('almond')` will fail.
Patched in https://salsa.debian.org/georgesk/almond/merge_requests/1
-- System Information:
Debian Release: buster/sid
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: popper.js
Version : 1.14.6
Upstream Author : Federico Zivolo
* URL : https://popper.js.org/
* License : Expat
Programming Lang: Javascript
Description : Javascript library
Package: node-get-value
Version: 3.0.1+~3.0.1-1
Severity: serious
Tags: upstream
node-get-value build-depends on node-micromatch which depends on
node-get-value via some packages
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (600, 'testing'), (50,
Package: ftp.debian.org
Severity: normal
Hi all,
Please remove node-groove from unstable/testing:
- node-groove isn't compatible with nodejs ≥ 10
- upstream seems abandoned (no response to bugs for more than one year)
- reverse dependencies:
- groovebasin is orphaned
-
Package: ftp.debian.org
Severity: normal
Hello,
please remove this package. Due to FTBFS with nodejs ≥ 10, I updated
node-duplexer3 and add a "Provides: node-duplexer2" in it. There are no
real differences between these packages.
This removal request is only for testing/unstable of course.
Package: coffeescript
Version: 1.12.8~dfsg-2
Severity: wishlist
Please upgrade to 2.x version and remove workaround-918491.patch
Opened to remember to remove this workaround.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (900, 'testing'), (500,
Package: libjs-cryptojs
Version: 3.1.2+dfsg-2
Severity: normal
Hello,
upstream project is archived and replaced by
https://github.com/brix/crypto-js. Could you please update it. We can
also take maintainance of this package under JS-Team umbrella if you
want.
Cheers,
Xavier
-- System
Le 06/09/2018 à 08:05, Pirate Praveen a écrit :
> On 06/09/18 10:15 AM, Pirate Praveen wrote:
>> I suggest we categorize the packages in NEW and process accordingly. I can
>> help with categorizing it.
>>
>> I propose the following,
>>
>> 1. Simple modules that could be embedded - REJECT.
>> 2.
101 - 126 of 126 matches
Mail list logo