Your message dated Wed, 03 Mar 2021 23:48:32 +0000 with message-id <e1lhbeg-000hx7...@fasolo.debian.org> and subject line Bug#979698: fixed in nodejs 14.16.0~dfsg-1 has caused the Debian Bug report #979698, regarding src:nodejs: should provide virtual package node-types-node to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 979698: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979698 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:nodejs Version: 12.20.1~dfsg-1 Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Bug#979693 indicates that nodejs now embeds Node.js module @node/types. Please provide virtual packages for any and all modules installed, so that consuming packages can declare explicit package relations, which helps in e.g. assess when to deprecate embedded modules or maybe move them out to independent packages. Even if the module is inherently tied to the src:nodejs codebase, it is still helpful to consistently declare virtual packages for all modules: I hope that we can at some point make it into Debian Policy that Node.js modules *must* be declared as (virtual or real) package name, which can then simplify tooling. - Jonas -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAl/60G4ACgkQLHwxRsGg ASFL5BAAhc2+rVdE2JNYjw3X42mDoKOQz34+hiX++oGEmITW0XJB8uTCsdJ5s0oj kH6zkzqdw6m4flK/pHcPFN/vqQksSprI7ZR8MRfWogjBSTCTmiH2J5/jlmEgBKta 1CLvB7HdSnbRBU2r427oxrqvPMjL7BV6Rb1TLKN98mP9BHaBdBiU63AVnLoKi5Qn EdFX86/9/vvng6X4z7T2Gr1XN2p2UXFom094fbtJ+YyiZhSbFwcQdFXQez0glrkS 90E7FmW/fdvikBF614IBy3q21PtB6w9Fp05UmZu9BtoqePGzkqkXG3BU42t3axIK hoZFDAKPAyY02vacPJ+N/QLJTpJ7xQiJmYmExUbMVAfyPzVQmSBBDtmSgSbAfsYf N9qEJgT4oTtzJWDzY4Ytp9Ed+eiqjDiUOuekwViYpFzP2vgsYfCh5aoi7mfcr+IK wIrcvGXGkmOBkfWbjtCv2jHivj67sQwIl/77UrUVmvjdhcqAoHJEpxE74mWETu1Q QiGIG/LL/j5zbqA5Vgf+eb4fsHZ5npswkbHZbIPHCpQE2i799ewP/7ZAKuxuGQWZ QAgx9ESMj9BVOgrUtRJ8ML7lxxQ+uDOgiHQMweh6cGrUqRtpsnxkoGijTxmJNJJa g/rjkrv2+cr/QAVLzIXxygdFiVE4+4z86HOUR3XZY7lS1koQVOA= =49m6 -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: nodejs Source-Version: 14.16.0~dfsg-1 Done: Jérémy Lal <kapo...@melix.org> We believe that the bug you reported is fixed in the latest version of nodejs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 979...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 04 Mar 2021 00:29:51 +0100 Source: nodejs Architecture: source Version: 14.16.0~dfsg-1 Distribution: experimental Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net> Changed-By: Jérémy Lal <kapo...@melix.org> Closes: 979698 Changes: nodejs (14.16.0~dfsg-1) experimental; urgency=medium . [ Jérémy Lal ] * New upstream version 14.16.0~dfsg Fixed vulnerabilities: + CVE-2021-22883: HTTP2 'unknownProtocol' cause DoS by resource exhaustion + CVE-2021-22884: localhost6 DNS rebinding in --inspect * Refresh make-doc patch * Patch to always use pure javascript cjs lexer * copyright: cjs-module-lexer is expat * copyright: exclude cjs-module-lexer unbuildable files * copyright: fix some copyright years * copyright: shjs is no longer used * lintian-overrides: false positive for a unicode regexp . [ Xavier Guimard ] * Embed @types/node 14 * Provides node-types-node (Closes: #979698) * Use secure copyright file specification URI. * Set upstream metadata fields: Security-Contact. * Bump debhelper compatibility level to 13 * Declare compliance with policy 4.5.1 * Use secure URI in Homepage field. * Add "Rules-Requires-Root: no" * Modernize debian/watch * Add ctype=nodejs to component(s) * Update d/copyright urls Checksums-Sha1: 33cc08048de15b5c04847843d32342209a9ff9db 3464 nodejs_14.16.0~dfsg-1.dsc 8c254868fb7fdd6e011c7d97939d53626cecdcf5 89040 nodejs_14.16.0~dfsg.orig-types-node.tar.xz 8d2921d305989633453c90bbe9aa32ce10af4011 18876272 nodejs_14.16.0~dfsg.orig.tar.xz fcfdb817227aaa76dfe99656fa7c88c1548aa4d7 134392 nodejs_14.16.0~dfsg-1.debian.tar.xz 92ded56bb5a0aa948b72897842ff6c97720ad36b 8296 nodejs_14.16.0~dfsg-1_source.buildinfo Checksums-Sha256: d2df71b80046b0e14410db68dbd447e111e6d11205cb898bd86fec46f886d7da 3464 nodejs_14.16.0~dfsg-1.dsc 61e9921331af55775fc390c3b2924aae9c5cb8f55fc8efebd28f4c73df619e0d 89040 nodejs_14.16.0~dfsg.orig-types-node.tar.xz 2805273cd227cffd2b93d921f2dfb627911ef12f147bd9da8287c3023c84d673 18876272 nodejs_14.16.0~dfsg.orig.tar.xz 098b90f9972e35e61bea1cd0f5f4ca9e4c9ed4e4dca128a06f31943c4599637b 134392 nodejs_14.16.0~dfsg-1.debian.tar.xz 404ea9b77e6c11cc37d5fe05ca0fd54e2211d0f88bce07739c0835c44f1dc7e2 8296 nodejs_14.16.0~dfsg-1_source.buildinfo Files: 38a5ed6bc174e91f440debffb015b55a 3464 javascript optional nodejs_14.16.0~dfsg-1.dsc b2adad7b9249a00a54e9b70e2bf9d1b3 89040 javascript optional nodejs_14.16.0~dfsg.orig-types-node.tar.xz 94ec509608b4ebd747ae9f0d09fcd9af 18876272 javascript optional nodejs_14.16.0~dfsg.orig.tar.xz de3f2c2b4dfe09e4b2c6d821af31275c 134392 javascript optional nodejs_14.16.0~dfsg-1.debian.tar.xz 9c35a75d06a5ec5a8d33dc167938a674 8296 javascript optional nodejs_14.16.0~dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmBAHDoSHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN08hAP/28eExOPLKVHhp9PymdUZJzyFJWr9tvA XpC6M7zYFsOb37KwQWbh9Dbs0Mmr1suAadSbvJUdTzit25WbvmUbQMeL8sDdCGhn gRHVBme63lkm4MVY82LTZbeK8ckgABpnbJpXleisSiJIjmRvHTxfC8/M7S+lA6sz hx0tbapMlBhjJEwXVPCXkhxhPU4QHNRu3PSnnazvXvRhMCYEc3wmKq7110iz0N8X Gq3MyUP4NeEWqvZWDbV3SVuoaD8KKt7yMFLJ+VFlySvt34sz4wBcpHyBieIHiuG0 UTYCa2XcSkPzbvSBihALWa8KJlI86O4mEfudBXK21W2ZAsgQI9CiB7uYWO73IVO8 pAAyUrzn/hhQf7fbqmUKGtmCyEXgTSiY7nhtn9mrLEg34tf+Gy4pILHniJtCKBpO RDCp3E1lGZ8J2vdM4qmmTcX3B1t4AzBxPMEzCxILT0GBTqbShZq9OdHbDBQnnZxq H0kwbqLxkPgen5p6Yogmm+nUGSS35l7ArGvXZqiaDNhTy5jF+uGIdY59P7FjDt9b 4voKotiFZ/UknWibpV/6qJTS1z0WV+dYxrPG5Yc4iDmVs1v8+RLSsfGc7vsClIB0 0rGL7DdiS5W9Xa9kyS3uECIpTmnDhVlcmS3Imp4uQIUcVnenSz3T61uVkAJiKJqM S33+k5gwmsH4 =2NaU -----END PGP SIGNATURE-----
--- End Message ---
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
