Package: node-rollup-plugin-terser
Version: 7.0.2-4
Severity: serious
Tags: ftbfs
Justification: Policy 2.1
https://ci.debian.net/packages/n/node-rollup-plugin-terser/testing/amd64/
shows that node-rollup-plugin-terser test randomly fails
--
Pkg-javascript-devel mailing list
Package: lintian
Version: 2.104.0
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
lintian looks enable to understand `packages/*/test` expression when
trying to verify that files declared in debian/tests/pkg-js/files exist.
--
Pkg-javascript-devel mailing list
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
node-request is deprecated (#956423) and won't be part of Bullseye. I'd
like to see it removed from testing after node-jsdom
Package: coffeescript
Version: 1.12.8~dfsg-4
Severity: serious
coffeescript build seems broken. Logs:
dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building coffeescript using existing
./coffeescript_1.12.8~dfsg.orig.tar.gz
dpkg-source: info: using
Package: node-cross-spawn-async
Version: 2.2.5-4
Severity: serious
As node-cross-spawn, node-cross-spawn-async shoul d be kept out of
Bullseye
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
X-Debbugs-Cc: debian-de...@lists.debian.org,
pkg-javascript-de...@lists.alioth.debian.org
* Package name: ts-jest
Version : 26.4.4
Upstream Author : Kulshekhar Kabra <https://github.com/kulshekhar>
* URL :
Package: node-vinyl-fs
Version: 3.0.3-5
Severity: normal
Please embed typescript definitions
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: node-gyp-build
Severity: serious
Justification: Policy 2.1
node-gyp-rebuild replaces `node-gyp rebuild` using pre-compiled
binaries. This is useless in Debian.
I did an error when packaging it, this package should be removed from
Debian archive, shouldn't it?
--
Pkg-javascript-devel
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
all reverse dependencies to node-babel-preset-env have been updated to
use node-babel7 (or virtual "node-babel-preset-env ≥ 7"), so this
package can now be safely removed from Debian archive.
Package: node-express-generator
Version: 4.0.0-2
Severity: grave
Tags: sid, ftbfs
Justification: renders package unusable
node-express-generator isn't compatible with current node-commander,
neither node-mkdirp. As it has no reverse dependency, I suggest to
remove it from Debian
--
Package: node-consolidate
Version: 0.15.1+repack-1
Severity: serious
Enabling test proves that node-consolidate depends on node-babel-core 6:
```
function requireReact(module, filename) {
var babel = requires.babel || (requires.babel = require('babel-core'));
var compiled =
Package: node-terser
Version: 4.1.2-7
Severity: important
Tags: patch
With commander 6, uglifyjs.terser displays:
Usage: uglifyjs [options]...
instead of:
Usage: uglifyjs.terser [options]...
The simple attached patch fixes test check with a more tolerant regex.
Please apply this patch if
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
node-samsam is deprecated. It is now @sinonjs/samsam
(node-sinonjs-samsam) which is part of node-sinon.
node-samsam has no reverse dependencies, it should be removed from
Debian archive.
Package: libjs-bootstrap4
Version: 4.5.2+dfsg1-3
Severity: serious
Version 4.5.2+dfsg1-2 transform /usr/share/javascript/bootstrap4 from
symlink to dir without any maintscript. This break updates.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
node-jsv isn't maintained upstream for 8 years, useless and unmaintained
in Debian. It has no reverse dependencies and could be safely removed.
--
Pkg-javascript-devel mailing list
Package: libjs-milligram
Severity: serious
Tags: security
libjs-milligram is marked as maintained by JS Team, howeber uploader is
not member of this team and repository isn't under /js-team/ tree.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: node-regenerator-transform
Version: 0.14.5-2
Severity: serious
Tags: ftbfs
Since 0.14.5-2, dependency to node-babel7 was replaced by a dependency to
node-babel-runtime (>= 7) which is provided by:
* node-babel-runtime (src node-babel 6)
* virtual node-babel-runtime provided by
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
X-Debbugs-Cc: debian-de...@lists.debian.org,
pkg-javascript-de...@lists.alioth.debian.org
* Package name: node-gyp-build
Version : 4.2.3
Upstream Author : Mathias Buus
* URL : https://github.com/prebuild/node
Package: node-rollup-plugin-terser
Version: 7.0.2-2
Severity: grave
Justification: renders package unusable
When trying current rollup-plugin-terser (7.0.2) with current
node-terser (4.1.2), package is unuseable:
$ rollup -c
index.js → dist/pako.js, dist/pako.min.js...
[!] (plugin terser)
Package: ts-node
Version: 9.0.0-1
Severity: serious
Tags: ftbfs
Here is the relevant part of build log:
make[1]: Entering directory '/<>'
tsc
src/index.spec.ts(4,25): error TS2307: Cannot find module 'semver' or its
corresponding type declarations.
make[1]: *** [debian/rules:7:
Package: node-istanbul
Version: 0.4.5+ds+~cs53.14.45-1
Severity: important
babel-types should be replaced by @babel/types
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
node-formatio isn't maintained upstream [1]: it has been replaced by
@sinonjs/formatio which is included in node-sinon. No package depend on
it, so I think it should be removed from Debian
Package: node-backbone
Version: 1.3.3~dfsg-5
Severity: important
node-typescript-types is deprecated, please embed @types/backbone in
node-backbone.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: wabt
Version: 1.0.20-1
Severity: important
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
wabt.js upstream repository is a minified file built from wabt. This
package is a reverse dependency of many packages in Debian (via webpack,
webassembly, jest,...). Without it,
Package: node-schema-utils
Version: 2.6.6-1
Severity: serious
node-schema-utils API changed: `require("schema-utils")` becomes
`require("schema-utils").validate`
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: node-uuid
Version: 8.2.0-1
Severity: important
Hi,
node-uuid breaks dependent package with error like:
Package subpath './v1' is not defined by "exports" in
/usr/share/nodejs/uuid/package.json
(same error with any of v{1,2,3,4}.js)
Cheers,
Xavier
--
Pkg-javascript-devel mailing
Package: node-requirejs
Version: 2.3.6-2
Severity: important
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
to avoid version conflicts, JS team decided to remove typescript
definitions (node-typescript-types) and embed them directly in the
relevant packages.
node-requirejs isn't
Package: node-client-sessions
Version: 0.8.0-2
Severity: serious
Tags: ftbfs upstream
Hi,
node-request won't be part of bullseye, please patch
node-client-sessions to replace node-request by another library
(node-got, node-fetch, node-axios,...).
--
Pkg-javascript-devel mailing list
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: pkg-javascript-devel@alioth-lists.debian.net
Hi,
eyes.js is no longer maintained upstream. I patched its reverse
dependency (vows) to remove this link. No eyes.js can be safely removed
from Debian.
This removal has been discussed in RC-bug
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
X-Debbugs-Cc: debian-de...@lists.debian.org,
pkg-javascript-de...@lists.alioth.debian.org
* Package name: node-source-map-resolve
Version : 0.6.0
Upstream Author : Simon Lydell
* URL : https://github.com/lydell
Package: node-eslint-scope
Version: 5.0.0-2
Severity: important
Hi,
@types/eslint-scope is required at least to upgrade webpak. Please embed
it.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: eslint
Version: 5.16.0~dfsg-7
Severity: important
Hi,
@types/eslint is required at least to update webpack. Please embed it.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: npm2deb
Version: 0.3.0-5
Severity: important
npm2deb currently uses salsa repository to know if a package already
exists or not. This is a bad way because:
* some node packages are not under pkg-js umbrella (node-almond,...)
* lintian warns when a package does not declare its modules
Package: node-lightgallery
Version: 1.6.11+dfsg-1
Severity: serious
Justification: 4
Hi,
debian/source/lintian-overrides overwrites some real problems: the
"concat" part of Gulpfile uses modules/* files which are all obfuscated
using minification (downloaded from distinct sources).
A possible
Package: node-pruddy-error
Version: 2.0.2-1
Severity: important
Tags: patch
Hi,
test is not enabled in this package, while it is easy to enable it:
* `echo mocha >debian/tests/pkg-js/test`
* install "assume" and "fn.name" in debian/tests/test_modules
and update debian/copyright
* update
Package: node-babel7
Version: 7.11.6+~cs65.71.39-1
Severity: normal
This is required by @babel/runtime/regenerator/index.js
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: lintian
Version: 2.97.0
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
When building nodejs packages, using dh-sequence-nodejs, lintian
reports:
E: node-rollup-plugin-typescript source:
missing-build-dependency-for-dh-addon nodejs => pkg-js-tools
This is
Package: node-locate-character
Version: 2.0.5-1
Severity: serious
Justification: source-is-missing
2.0.5 is packaged from npm registry temporarily to be able to build
rollup 2. Upstream didn't push 2.0.5 source in git repo (last github
release/HEAD is 2.0.1), then 2.0.5 was packaged from npm
Package: rollup
Version: 1.12.0-2
Severity: serious
Tags: ftbfs
Justification: Policy 7.7.7
node-rollup 1.12.0 can't be build with current typescript (4.0.2). It
requires tsc 3.4.5 (tested with success). Output:
$ tsc --esModuleInterop
src/ModuleLoader.ts:59:3 - error TS2322: Type '(id: string)
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
X-Debbugs-Cc: debian-de...@lists.debian.org,
pkg-javascript-de...@lists.alioth.debian.org
* Package name: node-deepmerge
Version : 4.2.2
Upstream Author : Josh Duff
* URL : https://github.com/TehShrike/deepmerge
Package: gyp
Version: 0.1+20200513gitcaa6002-1
Severity: normal
Hi,
gyp is currently maintain under pkg-js umbrella. This package is a cross
platform tool written in Python and stored in salsa.d.o/debian/ area.
Then I don't understand the link with pkg-js team.
Cheers,
Xavier
--
Package: node-deep-for-each
Version: 3.0.0-1
Severity: serious
Control: affects -1 node-grunt-webpack
Version 3.0.0 breaks node-grunt-webpack. Probably due to this change:
> This library is no longer built with Babel, you must compile it
> yourself within your app
Revert to a version 2.x may
Package: node-code
Version: 6.0.0-3
Severity: important
Hi,
node-code is useless and has a name that could be ambiguous. Upstream
name is now @hapi/code.
I think we should remove this package. If a package needs @hapi/code,
we could package it later.
--
Pkg-javascript-devel mailing list
Package: node-babel7
Version: 7.4.5+~cs6.2.2-2
Severity: important
Control: affects -1 twitter-boostrap4
Please upgrade to last published version (7.9.6). This is required at
least to upgrade twitter-bootstrap to 4.5.0
--
Pkg-javascript-devel mailing list
Package: ftp.debian.org
Severity: normal
Hi,
node-babel-plugin-transform-builtin-extend is deprecated with
node-babel7. It should be removed from Debian archive
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: eslint
Version: 5.16.0~dfsg-5
Severity: serious
Justification: unknwon
Hi,
node-babel7 seems required by autopkgtest test:
not ok 344 -
/tmp/autopkgtest-lxc.9p09fhxf/downtmp/build.w0w/src/lib/formatters/codeframe.js
---
message: '"@babel/code-frame" is not found.'
severity:
Source: libjs-webrtc-adapter
Severity: important
Hi,
please remove dependency to node-babel-preset-env: this package seems
useless with node-babel7 and is going to be removed with node-babel 6.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: node-babel7
Version: 7.4.5-8
Severity: important
Control: affects -1 node-string-decoder
@babel/polyfill requires core-js/es6 and some other core-js files that
are not available with node-core-js ≥ 3
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: node-babel7
Version: 7.4.5-8
Severity: important
Control: affects -1 node-crc
@babel/register depends on node-pirates which is not available in Debian
archives. This blocks node-crc update to node-babel7.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: ftp.debian.org
Severity: normal
Hi,
node-vue-template-compiler has the same source than node-vue. Since
node-vue 2.6.11+dfsg-1, this package is provided by node-vue
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: ftp.debian.org
Severity: normal
Hi,
following #940975, I unified node-jquery and libjs-jquery (same source)
in src:node-jquery source package. Then no need to keep src:jquery in
Debian archive.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Package: node-eslint-plugin-html
Version: 3.2.1-3
Followup-For: Bug #950654
Hi,
in previous upload, eslint was moved from binary dependency to
"Enhances". This breaks autopkgtest. Please revert that change.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: node-doctrine
Version: 3.0.0-1
Severity: important
Following [1], node-doctrine is deprecated. Should be removed after
eslint >6 update.
[1]: https://github.com/eslint/doctrine#deprecation-notice
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
(Closes: CVE-2020-7608)
+
+ -- Xavier Guimard Tue, 24 Mar 2020 10:22:44 +0100
+
node-yargs-parser (11.1.1-1) unstable; urgency=medium
[ Utkarsh Gupta ]
diff --git a/debian/patches/CVE-2020-7608.diff
b/debian/patches/CVE-2020-7608.diff
new file mode 100644
index 000..262102e
--- /dev/null
Package: ftp.debian.org
Severity: normal
Hi,
node-run-sequence is a sort of plugin for gulp 3 to be able to launch
tasks in series/parallel. Since version 4, gulp has its own system
(gulp.series and gulp.parallel) and node-run-sequence isn't compatible
with it [#954557]. I fixed all reverse
Package: node-acorn
Version:
6.2.1+ds+~0.4.0+~4.0.0+really4.0.0+~1.0.0+~5.0.1+ds+~1.7.0+ds+~0.1.1+~0.3.1+~0.2.0+~0.1.0+~0.3.0+~0.3.0-14
Severity: normal
Hi,
node-acorn bu=inary has been renamed to node-debbundle-acorn. Most of
our packages depends on node-acorn which is now a virtual package
Package: ftp.debian.org
Severity: normal
Hi,
node-acorn-dynamic-import is now included in node-acorn. This package
should be removed from unstable.
I fixed all packages mentionned in dak report (replaced by node-acorn):
8<
Will remove the following packages from unstable:
Package: node-debug
Version: 4.1.1-2
Severity: wishlist
Hi,
could you add @types/debug component in node-debug ? This is required to
update node-ws
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: node-babel7
Version : 7.4.5
Upstream Author : Sebastian McKenzie
* URL : https://babeljs.io/
* License : Expat
Programming Lang: JavaScript
Description : compiler for next
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
current node-srs is not compatible with Node.js ≥ 12. Upgrade is not
possible for now since it requires an update of libgdal (and upgraded
version is not compatible with Node.js ≥ 12 too).
Package: node-nodedbi
Severity: grave
Tags: upstream
Justification: renders package unusable
Hi,
node-nodedbi is not compatible with Node.js ≥ 12. This RC bug will
permit to remove this (useless for now) package from testing to permit
Node.js 12 migration.
--
Pkg-javascript-devel mailing list
: #952771, 2019, 10785)
+
+ -- Xavier Guimard Sat, 29 Feb 2020 09:07:02 +0100
+
dojo (1.15.0+dfsg1-1) unstable; urgency=medium
* New upstream version :
diff --git a/debian/patches/CVE-2019-10785.patch
b/debian/patches/CVE-2019-10785.patch
new file mode 100644
index ..67ab40f2
--- /dev/null
Package: node-regenerator-transform
Version: 0.14.1-2
Severity: important
package.json mention a preset to @babel/preset-env which is not
available. This affects node-crc build.
-- System Information:
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-3-amd64
Versions of packages
Package: node-fetch
Version: 1.7.3-1
Severity: normal
Hi,
all is in the title ;-)
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: ftp.debian.org
Severity: normal
Hi,
validator.js is unmaintained (locked in unstable for a while). Dak
reports no dependency. Then I think it is safe to remove it from Debian.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: ftp.debian.org
Severity: normal
Hi,
I propose to remove node-simplesmtp:
* it looks orphaned upstream (last commit 2015-02-16)
* it is deprecated in favor of "smtp-server" [1]
* enabling tests shows that library is buggy
* popcon rank ~ 14
* dak reports shows no reverse build
Package: node-eslint-plugin-flowtype
Version: 2.25.0-1
Severity: serious
Package is unusable since files are not built during build
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: node-copy-webpack-plugin
Version: 4.3.0-6
Followup-For: Bug #950568
This package depends on webpack-log which is not packaged.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: node-eslint-plugin-html
Version: 3.2.1-1
Severity: serious
This package seems unusable without eslint. See
https://ci.debian.net/data/autopkgtest/unstable/amd64/n/node-eslint-plugin-html/3801441/log.gz
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: ftp.debian.org
Severity: normal
Hi,
node-tilelive-vector depends on node-mapnik which is going to be
removed.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: ftp.debian.org
Severity: normal
Hi,
node-tilelive-mapnik depends on node-mapnik which is going to be
removed.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: ftp.debian.org
Severity: normal
Hi,
node-tilelive-bridge depends on node-mapnik which is going to be
removed.
Cheers,
Xavier
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
Package: ftp.debian.org
Severity: normal
Hi,
node-mapnik 3.7.x is incompatible with Node.js ≥ 12 and it seems that mapnik
itself can't be upgraded, then we can't upgrade node-mapnik to 4.x.
This package is used only by node-tilelive-* package which seem
unmaintained also.
Cheers,
Xavier
--
Package: node-lodash
Version: 4.17.15+dfsg-1
Severity: important
Hi,
our lodash does not export while npm registry one export it. This
affects node-grunt-legacy-util upgrade. To reproduce this, try
node-grunt-legacy-util test from salsa:
$ dh_quilt_patch
$ sh debian/tests/pkg-js/test
-2019-20149)
+
+ -- Xavier Guimard Fri, 17 Jan 2020 06:19:37 +0100
+
node-kind-of (6.0.2+dfsg-1) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2019-20149.diff
b/debian/patches/CVE-2019-20149.diff
new file mode 100644
index 000..0129c8e
--- /dev/null
+++ b/debian
Package: ftp.debian.org
Severity: normal
Hi,
binary libjs-i18next is provided by:
* src: node-i18next
* src: libjs-i18next
The first is up-to-date and provide both browser and node libraries, not the
second. So I propose to remove src:libjs-i18next from our archive.
Cheers,
Xavier
--
Package: yarnpkg
Version: 1.19.1-1
Severity: important
Hi,
yarnpkg does not depends on npm but this package is required to use it
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
/changelog
index b985661..95811b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Disallow calling "helperMissing" and "blockHelperMissing" directly
+(Closes: CVE-2019-19919)
+
Source: node-babel
Severity: important
Hi,
node-babel depends on itself during build. Then when I try to update it with
node-core-js ≥3, I got this:
Error: Cannot find module 'core-js/library/fn/get-iterator'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
at
+deb10u1) buster; urgency=medium
+
+ * Add patches to fix arbitrary path access
+(Closes: CVE-2019-16775, CVE-2019-16776, CVE-2019-16777)
+
+ -- Xavier Guimard Sun, 15 Dec 2019 16:19:02 +0100
+
npm (5.8.0+ds6-4) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2019
Package: node-express
Version: 4.17.1-1
Severity: important
Tags: upstream
Forwarded: https://github.com/expressjs/express/issues/4136
Hi,
node-express is not compatible with recent node-path-to-regex. This
affects node-superagent tests and renders part of express unusable.
The fix is simple
Package: node-typescript
Version: 3.6.4-1
Severity: wishlist
Hi,
ts-node is often used in conjunction with typescript. It could be useful
to embed it in node-typescript.
> TypeScript execution and REPL for node.js, with source map support.
>
> # Execute a script as `node` + `tsc`.
> ts-node
Package: ftp.debian.org
Severity: normal
node-passport-oauth seems unmaintained. It is based on node-oauth which
seems not maintained anymore [1] and is not compatible with recent
Google/Facebook API.
node-passport-oauth has no reverse dependencies
Cheers,
Xavier
[1]:
Package: ftp.debian.org
Severity: normal
node-oauth seems unmaintained upstream [1] and is not compatible with
recent Google/Facebook API.
Its only one revese dependency (node-passport-oauth) seems also
unmaintained. A "dak rN" shows that node-oauth and node-passport-oauth
can be removed safely.
941354
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard
+Last-Update: 2019-10-03
+
+--- a/__tests__/registries/npm-registry.js
b/__tests__/registries/npm-registry.js
+@@ -750,6 +750,30 @@
+
+ expect(npmRegistry.getRequestUrl(registry,
pathname)).toEqual('https://my.registry.co/regist
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
node-set-value is vulnerable to prototype pollution (#941189,
CVE-2019-10747). I imported and adapted upstream patch and added a test
inspired from CVE report [1]. I think this
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: node-rxjs
Version : 6.5.3
Upstream Author : Ben Lesh
* URL : https://github.com/ReactiveX/RxJS
* License : Apache-2.0
Programming Lang: JavaScript
Description : reactive extensions
Package: node-regenerator-transform
Version: 0.9.8-2
Severity: important
node-regenerator-transform is taken from npm registry. Its source comes
from node-regenerator [1] which provides:
* node-regenerator (not in Debian)
* node-regenerator-preset(not in Debian)
*
Package: node-object-assign
Version: 4.1.1-2
Severity: important
node-object-assign publishes a /usr/lib/nodejs/object.assign link, this
is bad since object.assign is a different module with different
functions (getPolyfill function for example).
--
Pkg-javascript-devel mailing list
Package: ftp.debian.org
Severity: normal
Hi all,
mirror.js is upstream unmaintained for at least 7 years. It has no
reverse dependencies so I think it should be removed from Debian.
Regards,
Xavier
# dak output
$ dak -rN mirror.js
Will remove the following packages from unstable:
mirror.js |
Package: ftp.debian.org
Severity: normal
Hi all,
languages4translatewiki is upstream unmaintained at least for 7 years.
It has no reverse dependencies, so I think it should be removed from
Debian.
Cheers,
Xavier
# dak output
$ dak -rN languages4translatewiki
Will remove the following packages
Package: ftp.debian.org
Severity: normal
Hi all,
polymaps has no reverse dependencies and is no more upstream maintained
for at least 8 years. I think it should be removed from Debian.
Cheers,
Xavier
# dak output:
$ dak rm -Rn
Will remove the following packages from unstable:
libjs-polymaps |
Package: ftp.debian.org
Severity: normal
Hi all,
backbone-dirty.js is no more updated for at least 7 years, has no
reverse dependencies and has not been updated since old-old-stable. So I
think it should be removed from Debian.
Best regards,
Xavier
# dak output:
$ dak rm -Rn backbone-dirty.js
Package: rainloop
Version: 1.12.1-2
Severity: important
Hi,
node-json3 is unmaintained and easy to replace by native JSON.parse and
JSON.stringify functions. rainloop is the last package that still use
this old library. Could you patch rainloop to permits a ROM-RM of
node-json3?
Cheers,
Xavier
Package: mocha
Version: 4.1.0+ds3-5
Severity: normal
Hi all,
mocha depends on oxygen-icon-theme just for 2 links on very little icons
(749 B and 1343 B). I think we could copy these 2 files during build and
no more binary-depends on oxygen-icon-theme.
The dependency on a such big package
Package: pkg-js-tools
Version: 0.9.5
Severity: wishlist
Hi all,
I suggest to remove all node-* modules from build dependencies and
enable build tests (grunt) only in autopkgtest tests. This will avoid
some circular build dependencies. Only nodejs will stay in build deps.
Do you agree?
--
Package: pkg-js-tools
Version: 0.9.5
Severity: grave
Justification: renders package unusable
pkg-js-tools was based on add_command_options which disappears in
Debhelper 12.5.1. This renders pkg-js-tools unusable.
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
Package: ftp.debian.org
Severity: normal
Hi all,
libv8-3.14 is an outdated library with many security issue [1]. It had
one reverse dependency which is ROM-RM also (#934243, done).
Then I think it should be removed from Debian.
Cheers,
Xavier
[1]:
Package: ftp.debian.org
Severity: normal
Hi all,
jscommunicator has been removed from testing 3 years ago. 26 issues are
opened upstream [1], but there is no changes for 4 years. jscommunicator
has no reverse dependencies.
That's why I think it should be removed from Debian.
Cheers,
Xavier
--
Package: ftp.debian.org
Severity: normal
Hi all,
node-yawl never entered to testing due to FTBFS. Issue posted to
upstream [1], but nobody answers. node-yawl has no reverse dependencies.
That's why I propose to remove it from Debian
Cheers,
Xavier
[1]:
1 - 100 of 126 matches
Mail list logo
