On 25/10/2020 at 09:06, Pirate Praveen wrote:
> 
> On 2020, October 25 10:09:13 AM IST, Debian testing watch 
> <nore...@release.debian.org> wrote:
>> FYI: The status of the node-rollup-plugin-inject source package
>> in Debian's testing distribution has changed.
>>
>>  Previous version: (not in testing)
>>  Current version:  4.0.2+~3.0.2-1
> 
> Are we going to maintain legacy versions of these plugins in bullseye? I 
> agree adding them makes the transition easier, but removing the legacy copies 
> should also be part of the plan to avoid maintaining multiple versions of 
> these plugins.

Hi,

You're right; however, there are a lot of outdated modules in JS Team
packages, and these rollup plugins have no known vulnerabilities.

We can also facilitate the transition this way (using experimental, of
course):
 * remove legacy module from any node-rollup-plugin-*
 * insert our own legacy modules in them including just:
   * /usr/share/nodejs/rollup-plugin-foo/package.json

     { "name":"rollup-plugin-foo",
       "main":"index.js",
       "dependencies":{
         "@rollup/plugin-foo": "*"
       }
     }

   * /usr/share/nodejs/rollup-plugin-foo/index.js

     module.exports = require("@rollup/plugin-foo");

Note that the transition of node-rollup-plugin-commonjs won't be easy
(remember 10.0.1+really.9.2.0). Same for node-rollup-plugin-node-resolve.

Cheers,
Xavier

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
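
A quick way to check that a legacy-name shim like the one proposed above really forwards to the scoped package, as an added example that is not part of the original message or of any Debian package. The temporary tree and the stand-in `@rollup/plugin-foo` are constructed for illustration; the check also shows that a shim assigning to `module.export` (without the "s") loads without error but exports an empty object.

```javascript
// Added example: builds a throwaway module tree and checks a legacy-name shim.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Write a file, creating parent directories as needed.
function write(file, content) {
  fs.mkdirSync(path.dirname(file), { recursive: true });
  fs.writeFileSync(file, content);
}

// Build <tmp>/node_modules with a stand-in "@rollup/plugin-foo" (constructed,
// not a real package) and a "rollup-plugin-foo" shim whose index.js is shimBody.
function buildTree(shimBody) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "shim-check-"));
  const nm = path.join(root, "node_modules");
  write(path.join(nm, "@rollup/plugin-foo/package.json"),
    JSON.stringify({ name: "@rollup/plugin-foo", version: "0.0.0", main: "index.js" }));
  write(path.join(nm, "@rollup/plugin-foo/index.js"),
    "module.exports = function foo() { return { name: 'foo' }; };\n");
  write(path.join(nm, "rollup-plugin-foo/package.json"),
    JSON.stringify({ name: "rollup-plugin-foo", main: "index.js",
                     dependencies: { "@rollup/plugin-foo": "*" } }));
  write(path.join(nm, "rollup-plugin-foo/index.js"), shimBody);
  return nm;
}

// True only if requiring the legacy name yields the very same function
// object as requiring the scoped package.
function shimForwards(shimBody) {
  const nm = buildTree(shimBody);
  try {
    const legacy = require(path.join(nm, "rollup-plugin-foo"));
    const scoped = require(path.join(nm, "@rollup/plugin-foo"));
    return legacy === scoped && typeof legacy === "function";
  } finally {
    fs.rmSync(path.dirname(nm), { recursive: true, force: true });
  }
}

const good = 'module.exports = require("@rollup/plugin-foo");\n';
const typo = 'module.export = require("@rollup/plugin-foo");\n';
console.log("module.exports shim forwards:", shimForwards(good)); // true
console.log("module.export shim forwards:", shimForwards(typo));  // false
```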