On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> [CC'ing node-undici uploader]
> > >> Ack, let's do that. Could you prepare bookworm-security updates
> > >> based on 18.17.0 (after it has landed in unstable)?
> > >
> > nodejs 18.19.0 has landed in testing.
> > It rebuilds fine in bookworm, and test-suite-during-build pass on amd64.
> >
> > It also requires "node-undici", precisely for that change:
> >
> > node-undici (5.28.2+dfsg1+~cs23.11.12.3-2) unstable; urgency=medium
> >
> > * Build and publish undici-types, needed by new @types/node
> >
> > Is there a way to deal with this ?
>
> Then I guess we need this as pre-requisite upload to bookworm as well.
>
> Maybe Moritz has a better idea, but one option is to propose this
> update regularly as bookworm-pu and once it's in proposed update ask
> DSA to make the security chroots pick as well updates from
> prpopsoed-updates if we plan to release nodejs via a DSA (or otherwise
> via bookworm-pu as well).
>
> One other alternative is to make a non-security upload for
> node-unidici containing that change to the security archive, which the
> nodejs update can pick.
I think we can handle it similar to what we recently did when OpenJDK bumped
it's requirement for jtreg: When we have a suitable update for node-undici
we upload it to security-master and the security buildds will be able to
use it to build the new nodejs. And then it simply gets released along with
the nodejs update.
Cheers,
Moritz