Hello,
The package on Salsa should be ready for upload and backport. It wasn't
uploaded at the time due to the release freeze, and it's been waiting
for review since then.
I'd have uploaded it myself after the freeze ended, but I haven't been
able to get my GPG key signed due to the pandemic so I don't have
maintainer access.
Sincerely,
Daniel Ring
On 10/3/2021 12:32 PM, Joe Nahmias wrote:
Hello,
Now that bullseye has been released, would it be possible to upload a fix
for this to unstable? That would allow node-lightgallery and rainloop to
migrate to testing (bookworm) and then be backported to bullseye.
If you are not able to do this at the moment, due to time constraints, I'm
happy to prepare the upload based on what's in Salsa, as long as it's okay
with the JS team.
Thanks,
--Joe
On Sat, Apr 24, 2021 at 04:12:06PM -0700, Daniel Ring wrote:
It looks like this RC bug also caused the next version of Rainloop to be
removed from bullseye before the freeze. That version contains an relatively
important security fix (bug #962629), so both Rainloop and node-lightgallery
will need to be uploaded to bullseye-backports (when available) as well as
unstable.
Sincerely,
Daniel Ring
On 4/23/2021 9:35 PM, Daniel Ring wrote:
The warnings are already overridden in the current version on Salsa,
since the Youtube/Vimeo/etc. embeds are only loaded when Lightgallery is
used to display a video from that source (e.g. by passing it a Youtube
link).
Sincerely,
Daniel Ring
On 4/23/2021 12:31 PM, Yadd wrote:
Le 23/04/2021 à 19:03, Jonas Smedegaard a écrit :
Quoting Yadd (2021-04-23 17:47:23)
Control: tags -1 + pending
Le 23/04/2021 à 09:44, Daniel Ring a écrit :
Hello Xavier,
It looks like the build process was minifying the source files to the
destination *.js files and copying the pre-minified
files to *.min.js. I
corrected it to copy the unminified files directly and minify them to
*.min.js.
I also updated the package on Salsa to exclude the minified
modules/*.min.js files via Files-Excluded in
d/copyright, so they're no
longer in the source package at all.
Sincerely,
Daniel Ring
Hi,
looks good to me, thanks! Could you also ignore these warnings in a
debain/lintian-overrides? It looks like false positive
Cheers,
Yadd
W: node-lightgallery: privacy-breach-generic
usr/share/nodejs/lightgallery/dist/js/lg-video.min.min.js [<iframe
class="lg-video-object lg-dailymotion '+o+'" '+l+' width="560"
height="315"
[...]
Those warnings look real to me.
What makes you consider them false positives, Xavier?
Hi Jonas,
yes but the relevant lines are in if/then/else blocks:
if (isVideo.youtube) {
... video = '<iframe ... src="//www.youtube.com/embed/' + .../>
so it looks like a admin choice, Daniel maybe I'm wrong here ?
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
