[Pkg-javascript-devel] Bug#1004471: Fwd: node-terser_5.15.0-1_source.changes ACCEPTED into unstable

Jonas Smedegaard jonas at jones.dk
Mon Aug 29 17:24:04 BST 2022 

Quoting Yadd (2022-08-29 17:16:58)
> On 29/08/2022 16:46, Jonas Smedegaard wrote:
> > a) Why is patch 2001 still needed?  You kept parts of if despite terser
> > now being v5.  Yes, testsuite fails without that patch but I don't
> > understand why (suspect the cause being newer-than-expected jest).
> 
> yes this patch should be renamed. The part I kept wasn't related to 
> terser 5 but something else. This seems not be related to jest (existed 
> before jest update). I'll search from where comes this error

Thanks.

Do you mean within hours, or better that I file a bugreport to track
this?

Don't mean to rush you (and fixing this is not urgent), just don't want
to bother with a bugreport if you are as swift as commonly :-)


> > b) Why do binary packages now contain file
> > /usr/share/nodejs/*/pkgjs-lock.json? Bug in pkg-js-tools, perhaps?
> 
> This files are automatically added to all package suspected to embed 
> copies of some other modules (ie built using webpack or rollup). We 
> discussed about that some months ago, it may help in case of CVE

Ohh, I see it now.  And I even commented on it - sorry for my failing
memory!


> > c) Why do testsuite for ascjs emit several errors without failing?
> > Bug in pkg-js-tools, perhaps?
> 
> Here:
>    + node Xascjs/test.js
>    ascjs v5.0.1 - 33 tests
> 
>    true both import and export can be overwritten 

Ah, I was mistaken: I talk about the instances of "console.error" that
can be seen e.g. at https://buildd.debian.org/status/fetch.php?pkg=node-rollup-plugin-terser&arch=all&ver=7.0.2%2B%7E5.0.1-3&stamp=1660820526&raw=0

...and I see now that it is (not ascjs testsuite failures, but) main
testsuite explicitly provoking and checking a few failure modes, so it
is not test failures but intended noise.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20220829/08df9fab/attachment.sig>

More information about the Pkg-javascript-devel mailing list