[Pkg-javascript-devel] Bug#976607: node-cheerio: please package (much!) newer release 1.0rc3
Jonas Smedegaard
dr at jones.dk
Sat Dec 5 18:19:59 GMT 2020
Package: node-cheerio
Version: 0.22.0-2
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Thanks for packaging Cheerio.
Currently packaged release is the latest upstream stable release,
but was released 4 years ago . 1.0rc1 was released 3.5 years ago
and 1.0rc3 was released 1.5 years ago.
Please consider updating to 1.0rc3 (in preparation for 1.0rc4
which might soon be released, judging from issue tracker chatter).
Concretely, 1.0rc3 is needed for matrix-hydrogen that I am preparing,
but I notice that it is also preferred for node-dom-serializer
(even for the outdated 0.2.2 that we carry in Debian),
and some issue tracker chatter seems to indicate that there are also
security bugs fixed along the way of those 4 years of progress.
Raising severity from wishlist to normal due to possible security risk.
- Jonas
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAl/Lz0wACgkQLHwxRsGg
ASFYcA//eyAftLzxjjBZN8iROGB1nm5owqFd8xiCF+hyxUw3EHeo1zTeZHQWr1us
dG31vykdtNp74w3nf7Z+HTrTiSLuYNrQIwCol57e61e3nfe11tVZb4pP/8auZWDK
cwOSVWKUV8eWDCpMzkNvdeWmFqX3wtcEFVmd9UT3TCXUXG1+c3U8iTl2uLN1y3c/
sWgS34n7sdh/zYwFm5MR4d5iq+DrgpOlrquA3pPI3lf/lSC5BOH8KXSDyVPMCDD9
pc3CiXIqQlUu63xFPDJrhnqs5t7nAvTIv9YQXEygjU5gjKn1IhqA7+j8iZNtPOPW
QMaWcOLVUNwq0wx2YenaqIgLMSv9OcYxHLFI5pTTPZGWqAOj8ZsJPjn35+pAhVWt
761V2nkFJZ/RocLzhEdV4ppiVOjSG4TBNdaXpq0/6tOtB7cu9TRsNKd/uT/0jXHc
xlXEVyU5RjjdDRufOl9RYs1dwu6ZhTTD4+DzfY9N3/l/QfpKtxelnp57G2CYNS30
iRjQL4NqebJAVFs2DB8lIaiP9eY7y6Xwdmdn8T771ACwW0seZLKURHJg/BeUmfgc
uAvqARVsA8VSKu6sjR2gaCbvYTn2/7x1AF+Q/udrXQ97viFTyRnHKGoXCSSvcmXN
PcnWXwVYrCxvaIg4P1CBDe/MIU+4WP+g5tkD92sKsHkUCLlY4zQ=
=22Bv
-----END PGP SIGNATURE-----
More information about the Pkg-javascript-devel
mailing list