[Pkg-javascript-devel] Bug#930634: Bug#930634: Build failures with rollup 0.56

On Sat, 28 Sep 2019 23:16:06 +0530 Pirate Praveen wrote: > > > On Sat, Sep 28, 2019 at 16:12, Xavier wrote: > > help.pm is probably filtered. Overwrite in debian/nodejs/files > > I think the root cause is incompatibility with rollup-plugin-string > (they want 2.x and we already have 3.x). >

[Pkg-javascript-devel] Bug#941354: node-yarnpkg: CVE-2019-5448

Source: node-yarnpkg Version: 1.13.0-2 Severity: important Tags: security upstream Control: found -1 1.13.0-1 Hi, The following vulnerability was published for node-yarnpkg. CVE-2019-5448[0]: | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive | Data due to HTTP URLs in

[Pkg-javascript-devel] Bug#941353: Object.defineProperty should be used to set value to exports.__esModule

Package: node-vlq, node-magic-string severity: serious justification: breaks rollup Control: block 930634 by -1 See This line "exports.__esModule = true;" should be changed to "Object.defineProperty(exports, '__esModule', { value:

[Pkg-javascript-devel] Processed: Object.defineProperty should be used to set value to exports.__esModule

Processing control commands: > block 930634 by -1 Bug #930634 [rollup] Update rollup to new upstream release 930634 was blocked by: 930635 930634 was not blocking any bugs. Added blocking bug(s) of 930634: 941353 -- 930634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930634 941353:

[Pkg-javascript-devel] Processed: node-yarnpkg: CVE-2019-5448

Processing control commands: > found -1 1.13.0-1 Bug #941354 [src:node-yarnpkg] node-yarnpkg: CVE-2019-5448 Marked as found in versions node-yarnpkg/1.13.0-1. -- 941354: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941354 Debian Bug Tracking System Contact ow...@bugs.debian.org with

[Pkg-javascript-devel] Bug#941354: upstream patch link

one way to address this is importing this as a debian/patch: https://github.com/yarnpkg/yarn/commit/2f08a7405cc3f6fe47c30293050bb0ac94850932 Paolo -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net

[Pkg-javascript-devel] Processed: tagging 941354

Processing commands for cont...@bugs.debian.org: > tags 941354 + fixed-upstream Bug #941354 [src:node-yarnpkg] node-yarnpkg: CVE-2019-5448 Ignoring request to alter tags of bug #941354 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. --

[Pkg-javascript-devel] Bug#930268: forwarded

control: forwarded -1 https://github.com/microsoft/TypeScript/issues/33661 -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Processing of node-d3_4.13.0-8_source.changes

node-d3_4.13.0-8_source.changes uploaded successfully to localhost along with the files: node-d3_4.13.0-8.dsc node-d3_4.13.0-8.debian.tar.xz node-d3_4.13.0-8_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) -- Pkg-javascript-devel mailing

[Pkg-javascript-devel] Bug#941354: marked as done (node-yarnpkg: CVE-2019-5448)

Your message dated Sun, 29 Sep 2019 18:19:49 + with message-id and subject line Bug#941354: fixed in node-yarnpkg 1.13.0-3 has caused the Debian Bug report #941354, regarding node-yarnpkg: CVE-2019-5448 to be marked as done. This means that you claim that the problem has been dealt with. If

[Pkg-javascript-devel] Processed: Bug#941359 marked as pending in pkg-js-tools

Processing control commands: > tag -1 pending Bug #941359 [pkg-js-tools] auto install types when types: field is present in package.json Added tag(s) pending. -- 941359: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941359 Debian Bug Tracking System Contact ow...@bugs.debian.org with

[Pkg-javascript-devel] node-d3_4.13.0-8_source.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 29 Sep 2019 23:14:33 +0530 Source: node-d3 Architecture: source Version: 4.13.0-8 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Pirate Praveen Changes: node-d3

[Pkg-javascript-devel] node-yarnpkg_1.13.0-3_source.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 29 Sep 2019 14:07:45 +0200 Source: node-yarnpkg Architecture: source Version: 1.13.0-3 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Paolo Greppi Closes: 941354

[Pkg-javascript-devel] pkg-js-tools_0.9.14_sourceonly.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 29 Sep 2019 22:36:55 +0200 Source: pkg-js-tools Architecture: source Version: 0.9.14 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Xavier Guimard Closes: 940648

[Pkg-javascript-devel] Bug#940648: marked as done (Do not install bench dir)

Your message dated Sun, 29 Sep 2019 21:05:39 + with message-id and subject line Bug#940648: fixed in pkg-js-tools 0.9.14 has caused the Debian Bug report #940648, regarding Do not install bench dir to be marked as done. This means that you claim that the problem has been dealt with. If this

[Pkg-javascript-devel] Bug#941359: marked as done (auto install types when types: field is present in package.json)

Your message dated Sun, 29 Sep 2019 21:05:39 + with message-id and subject line Bug#941359: fixed in pkg-js-tools 0.9.14 has caused the Debian Bug report #941359, regarding auto install types when types: field is present in package.json to be marked as done. This means that you claim that

[Pkg-javascript-devel] Processing of node-yarnpkg_1.13.0-3_source.changes

node-yarnpkg_1.13.0-3_source.changes uploaded successfully to localhost along with the files: node-yarnpkg_1.13.0-3.dsc node-yarnpkg_1.13.0-3.debian.tar.xz node-yarnpkg_1.13.0-3_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) --

[Pkg-javascript-devel] Processing of pkg-js-tools_0.9.14_sourceonly.changes

pkg-js-tools_0.9.14_sourceonly.changes uploaded successfully to localhost along with the files: pkg-js-tools_0.9.14.dsc pkg-js-tools_0.9.14.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) -- Pkg-javascript-devel mailing list

[Pkg-javascript-devel] Bug#930634: Bug#930634: Build failures with rollup 0.56

On Sun, Sep 29, 2019 at 17:19, Pirate Praveen wrote: Control: block -1 by 933091 On Sun, Sep 29, 2019 at 17:00, Pirate Praveen wrote: On Sat, 28 Sep 2019 23:16:06 +0530 Pirate Praveen mailto:prav...@onenetbeyond.org>> wrote: On Sat, Sep 28, 2019 at 16:12, Xavier

[Pkg-javascript-devel] Bug#941354: Bug#941354: proposed fix

On 2019, സെപ്റ്റംബർ 29 6:13:21 PM IST, Paolo Greppi wrote: >Should I upload this to unstable ? Yes >Will it automatically roll to stable ? No, you will have to build it on buster and upload to buster-security after security team approves the debdiff. -- Sent from my Android device with K-9

[Pkg-javascript-devel] Bug#930634: Bug#930634: Build failures with rollup 0.56

Control: block -1 by 933091 On Sun, Sep 29, 2019 at 17:00, Pirate Praveen wrote: On Sat, 28 Sep 2019 23:16:06 +0530 Pirate Praveen mailto:prav...@onenetbeyond.org>> wrote: On Sat, Sep 28, 2019 at 16:12, Xavier > wrote: > help.pm is probably filtered. Overwrite

[Pkg-javascript-devel] Processed: tagging 941354

Processing commands for cont...@bugs.debian.org: > tags 941354 + fixed-upstream Bug #941354 [src:node-yarnpkg] node-yarnpkg: CVE-2019-5448 Added tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 941354:

[Pkg-javascript-devel] Bug#941309: node-browserify-lite: unreproducible dependency map order

Control: forwarded -1 https://github.com/andrewrk/browserify-lite/pull/13 Upstream pointed out that this doesn't escape special characters in file names; corrected version follows. Subject: Ease reproducible build author: Rebecca N. Palmer" Sort module list and dependency lists in order to be

[Pkg-javascript-devel] Processed: Re: node-browserify-lite: unreproducible dependency map order

Processing control commands: > forwarded -1 https://github.com/andrewrk/browserify-lite/pull/13 Bug #941309 [node-browserify-lite] node-browserify-lite: unreproducible dependency map order Set Bug forwarded-to-address to 'https://github.com/andrewrk/browserify-lite/pull/13'. -- 941309:

[Pkg-javascript-devel] Bug#941359: auto install types when types: field is present in package.json

Package: pkg-js-tools version: 0.9.13 severity: important Example package node-vlq -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#941354: proposed fix

I have imported the upstream patch in a new version 1.13.0-3: https://salsa.debian.org/js-team/node-yarnpkg/commit/6808cd918e8c12182e14666c715bb1d372d82449/pipelines I have checked that it now uses https even if http links are present in yarn.lock as follows: mkdir /tmp/qw cd /tmp/qw yarnpkg

[Pkg-javascript-devel] Bug#941354: proposed fix

On Sun, Sep 29, 2019 at 02:43:21PM +0200, Paolo Greppi wrote: > I have imported the upstream patch in a new version 1.13.0-3: > https://salsa.debian.org/js-team/node-yarnpkg/commit/6808cd918e8c12182e14666c715bb1d372d82449/pipelines > > I have checked that it now uses https even if http links are

[Pkg-javascript-devel] Processed: Re: Bug#930634: Build failures with rollup 0.56

Processing control commands: > block -1 by 933091 Bug #930634 [rollup] Update rollup to new upstream release 930634 was blocked by: 941353 930635 930634 was not blocking any bugs. Added blocking bug(s) of 930634: 933091 -- 930634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930634 Debian

[Pkg-javascript-devel] Bug#933091: node-rollup-plugin-typescript seems incompatible with rollup/typescript

On Fri, 26 Jul 2019 21:06:12 +0530 Pirate Praveen wrote: > package: node-rollup-plugin-typescript > Version: 0.8.1-1 > Severity: serious > Justification: the package is not usable > > Got same error in node-locate-character and node-sourcemap-codec (tried with > node-rollup-plugin-typescript

[Pkg-javascript-devel] node-libravatar 3.0.0-1 MIGRATED to testing

FYI: The status of the node-libravatar source package in Debian's testing distribution has changed. Previous version: 2.0.0-6 Current version: 3.0.0-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you

[Pkg-javascript-devel] node-get_1.4.0-1_sourceonly.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Sep 2019 07:07:35 +0200 Source: node-get Architecture: source Version: 1.4.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Xavier Guimard Changes: node-get

[Pkg-javascript-devel] Processing of node-get_1.4.0-1_sourceonly.changes

node-get_1.4.0-1_sourceonly.changes uploaded successfully to localhost along with the files: node-get_1.4.0-1.dsc node-get_1.4.0.orig.tar.gz node-get_1.4.0-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) -- Pkg-javascript-devel mailing list