Le mardi 6 mai 2025, 16:41:17 heure d’été d’Europe centrale Sylvain Beucler a écrit : Hi sylvain, > Hi, > > I just noticed that angular.js is EOL'd by Google since 2022. > > AFAICS none of the 9 CVEs reported since had a fix: > https://security-tracker.debian.org/tracker/source-package/angular.js > https://deb.freexian.com/extended-lts/tracker/source-package/angular.js I have achieved to fix a few CVE https://salsa.debian.org/js-team/angular.js It need testing and I agree with you we should drop this and use angular.io But for me security support could be done like for old bootstrap rouca > > There's a successor, "angular.io", but it doesn't seem that helped with > any of our current vulnerabilities. > > Discussion on the first Debian bug suggested attempting to drop the > package entirely in trixie (though that didn't seem to have happened): > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779 > > It doesn't seem like we can support angular.js, this is similar to > bootstrap: > https://lists.debian.org/debian-lts/2025/04/msg00051.html > > What do you think? > > Cheers! > Sylvain Beucler > Debian LTS Team
Attachment:
signature.asc
Description: This is a digitally signed message part.