[Pkg-javascript-devel] Bug#972570: Bug#972570: node-lightgallery is built using minified files

Sat Apr 24 05:35:34 BST 2021

The warnings are already overridden in the current version on Salsa, 
since the Youtube/Vimeo/etc. embeds are only loaded when Lightgallery is 
used to display a video from that source (e.g. by passing it a Youtube 
link).

Sincerely,
Daniel Ring

On 4/23/2021 12:31 PM, Yadd wrote:
> Le 23/04/2021 à 19:03, Jonas Smedegaard a écrit :
>> Quoting Yadd (2021-04-23 17:47:23)
>>> Control: tags -1 + pending
>>>
>>> Le 23/04/2021 à 09:44, Daniel Ring a écrit :
>>>> Hello Xavier,
>>>>
>>>> It looks like the build process was minifying the source files to the
>>>> destination *.js files and copying the pre-minified files to *.min.js. I
>>>> corrected it to copy the unminified files directly and minify them to
>>>> *.min.js.
>>>>
>>>> I also updated the package on Salsa to exclude the minified
>>>> modules/*.min.js files via Files-Excluded in d/copyright, so they're no
>>>> longer in the source package at all.
>>>>
>>>> Sincerely,
>>>> Daniel Ring
>>>
>>> Hi,
>>>
>>> looks good to me, thanks! Could you also ignore these warnings in a
>>> debain/lintian-overrides? It looks like false positive
>>>
>>> Cheers,
>>> Yadd
>>>
>>>   W: node-lightgallery: privacy-breach-generic
>>> usr/share/nodejs/lightgallery/dist/js/lg-video.min.min.js [<iframe
>>> class="lg-video-object lg-dailymotion '+o+'" '+l+' width="560"
>>> height="315"
>> [...]
>> Those warnings look real to me.
>>
>> What makes you consider them false positives, Xavier?
> 
> Hi Jonas,
> 
> yes but the relevant lines are in if/then/else blocks:
> 
>    if (isVideo.youtube) {
>      ...  video = '<iframe ...  src="//www.youtube.com/embed/' + .../>
> 
> so it looks like a admin choice, Daniel maybe I'm wrong here ?
> 