[Python-modules-team] Bug#1060772: python3-jupyterlab: Using node-corepack downloads yarnpkg from Internet
Aurelien Jarno
aurel32 at debian.org
Sat Apr 27 22:58:41 BST 2024
control: severity -1 serious
On 2024-01-14 08:20, Yadd wrote:
> Package: python3-jupyterlab
> Version: 4.0.9+ds1-1
> Severity: important
> X-Debbugs-Cc: yadd at debian.org
>
> Hi,
>
> the patch 0003-Use-system-provided-yarn.js.patch replaces missing
> yarn.js by node-corepack. Please keep in mind that
> node-corepack/../yarn.js is a wrapper that downloads yarnpkg from
> Internet instead of using Debian's one.
As network access is forbidden by Debian Policy section 4.9, this is
actually a serious bug. Changing the severity accordingly.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien at aurel32.net http://aurel32.net
More information about the Python-modules-team
mailing list