[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Pkg-javascript-devel] [RFS] node-fetch

Your patches for source files are OK. What is wrong is that you install some files not compiled from sources: index.js, esm/index.js and esm/multi-parser-b44d967b.js
Later when node-fetch will be updated for a CVE for example, these files will stay vulnerable. 

On 10/20/23 08:43, Divine Attah wrote:

Hi Yadd
The reason I made those patches was because of this rollup error I got multiple time while trying to build 
```Found debian/nodejs/./build
         cd ./. && sh -ex debian/nodejs/./build
+ rollup -c debian/rollup.config.js

/home/deaththekidd/src/debian-3/node-fetch/src/index.js → cjs...
[!] RollupError: "default" is not exported by "fetch-blob/file.js", imported by "formdata-polyfill/esm.min.js". 
https://rollupjs.org/troubleshooting/#error-name-is-not-exported-by-module <https://rollupjs.org/troubleshooting/#error-name-is-not-exported-by-module>
formdata-polyfill/esm.min.js (4:7)
2:
3: import C from 'fetch-blob'
4: import F from 'fetch-blob/file.js'
           ^
5:
6: var {toStringTag:t,iterator:i,hasInstance:h}=Symbol,
     at error (/usr/share/nodejs/rollup/dist/shared/rollup.js:317:30)
    at Module.error (/usr/share/nodejs/rollup/dist/shared/rollup.js:15111:16)     at Module.traceVariable (/usr/share/nodejs/rollup/dist/shared/rollup.js:15541:29)     at ModuleScope.findVariable (/usr/share/nodejs/rollup/dist/shared/rollup.js:13991:39)     at ReturnValueScope.findVariable (/usr/share/nodejs/rollup/dist/shared/rollup.js:8548:38)     at Identifier.bind (/usr/share/nodejs/rollup/dist/shared/rollup.js:9711:40)     at NewExpression.bind (/usr/share/nodejs/rollup/dist/shared/rollup.js:7328:23)     at ConditionalExpression.bind (/usr/share/nodejs/rollup/dist/shared/rollup.js:7328:23)     at ArrayExpression.bind (/usr/share/nodejs/rollup/dist/shared/rollup.js:7324:28)     at ConditionalExpression.bind (/usr/share/nodejs/rollup/dist/shared/rollup.js:7328:23) 
```
I found that the File and Blob were wrongly imported as default in some files
This is the line that clearly shows it was not exported as default in fetch-blob/file.js 
```
exportconstFile=_File
```
There were abou three more occurrences like this that I had to correct. Is there a better fix for this?
On Fri, Oct 20, 2023, 4:05 AM Yadd <yadd@debian.org <mailto:yadd@debian.org>> wrote: 

    On 10/19/23 19:42, Divine Attah wrote:
     > Hello,
     >
     > Requesting sponsorship for the package node-fetch. I'm an Outreachy
     > applicant assigned to update the node-fetch package to 3.3.2
     >
     > Current version:3.3.2.
     > I have made sure the package is lintian clean and build in clean
    chroot
     > in sbuild.
     > My salsa repo:https://salsa.debian.org/Deaththekidd/node-fetch/
    <https://salsa.debian.org/Deaththekidd/node-fetch/>
     > <https://salsa.debian.org/Deaththekidd/node-fetch/
    <https://salsa.debian.org/Deaththekidd/node-fetch/>>

    Hi,

    * you made a lot of change but debian/changelog doesn't mention them
    * you added patches to add files that were built previously from source,
        this looks wrong. Why did you that ? Also those static files
    won't be
        updated when source code will change later.

    Cheers,
Reply to: