[Pkg-javascript-devel] Bug#972570: Bug#972570: node-lightgallery is built using minified files

Yadd yadd at debian.org
Fri Apr 23 20:31:43 BST 2021


Le 23/04/2021 à 19:03, Jonas Smedegaard a écrit :
> Quoting Yadd (2021-04-23 17:47:23)
>> Control: tags -1 + pending
>>
>> Le 23/04/2021 à 09:44, Daniel Ring a écrit :
>>> Hello Xavier,
>>>
>>> It looks like the build process was minifying the source files to the
>>> destination *.js files and copying the pre-minified files to *.min.js. I
>>> corrected it to copy the unminified files directly and minify them to
>>> *.min.js.
>>>
>>> I also updated the package on Salsa to exclude the minified
>>> modules/*.min.js files via Files-Excluded in d/copyright, so they're no
>>> longer in the source package at all.
>>>
>>> Sincerely,
>>> Daniel Ring
>>
>> Hi,
>>
>> looks good to me, thanks! Could you also ignore these warnings in a
>> debain/lintian-overrides? It looks like false positive
>>
>> Cheers,
>> Yadd
>>
>>  W: node-lightgallery: privacy-breach-generic
>> usr/share/nodejs/lightgallery/dist/js/lg-video.min.min.js [<iframe
>> class="lg-video-object lg-dailymotion '+o+'" '+l+' width="560"
>> height="315"
> [...]
> Those warnings look real to me.
> 
> What makes you consider them false positives, Xavier?

Hi Jonas,

yes but the relevant lines are in if/then/else blocks:

  if (isVideo.youtube) {
    ...  video = '<iframe ...  src="//www.youtube.com/embed/' + .../>

so it looks like a admin choice, Daniel maybe I'm wrong here ?



More information about the Pkg-javascript-devel mailing list