[Pkg-javascript-devel] Bug#976607: Bug#976607: node-cheerio: please package (much!) newer release 1.0rc3
Xavier
yadd at debian.org
Sat Dec 5 19:42:23 GMT 2020
Control: tags -1 + pending
Le 05/12/2020 à 19:19, Jonas Smedegaard a écrit :
> Package: node-cheerio
> Version: 0.22.0-2
> Severity: normal
>
> Hi,
>
> Thanks for packaging Cheerio.
>
> Currently packaged release is the latest upstream stable release,
> but was released 4 years ago . 1.0rc1 was released 3.5 years ago
> and 1.0rc3 was released 1.5 years ago.
>
> Please consider updating to 1.0rc3 (in preparation for 1.0rc4
> which might soon be released, judging from issue tracker chatter).
>
> Concretely, 1.0rc3 is needed for matrix-hydrogen that I am preparing,
> but I notice that it is also preferred for node-dom-serializer
> (even for the outdated 0.2.2 that we carry in Debian),
> and some issue tracker chatter seems to indicate that there are also
> security bugs fixed along the way of those 4 years of progress.
>
> Raising severity from wishlist to normal due to possible security risk.
>
> - Jonas
You're absolutely right, built and pushed ;-)
More information about the Pkg-javascript-devel
mailing list