r-cran-bslib: node-bootstrap-sass security problem

To: Bastien Roucaries <rouca@debian.org>
Cc: Pirate Praveen <praveen@debian.org>, Debian R <debian-r@lists.debian.org>
Subject: r-cran-bslib: node-bootstrap-sass security problem
From: Andreas Tille <tille@debian.org>
Date: Sun, 1 Jun 2025 21:08:40 +0200
Message-id: <[🔎] aDylOD8heAUXcSYC@an3as.eu>
In-reply-to: <2032552.CrzyxZ31qj@debian-ei>
References: <49969468.MN2xkq1pzW@debian-ei> <093488df-6c7e-4711-b123-d5c8f0466245@debian.org> <2032552.CrzyxZ31qj@debian-ei>

Hi,

Am Sun, Jun 01, 2025 at 08:12:23PM +0200 schrieb Bastien Roucaries:
> Le dimanche 1 juin 2025, 19:43:45 heure d’été d’Europe centrale Pirate Praveen 
> a écrit :
> > On 6/1/25 11:02 PM, Bastien Roucaries wrote:
> > 
> > > Hi,
> > > 
> > > Why this package include a vendored copy of bootstrap instead of linking
> > > ?
> > > 
> > > In all the case bootstrap security problem need to be fixed
> > 
> > 
> > Likely because upstream bundled it. But gitlab no longer use any 
> > packaged node modules, so I don't have much interest in this package 
> > right now.
> > 
> > There is one reverse dependency for it r-cran-bslib so you could discuss 
> > with its maintainer and decide how to proceed here.>
> 
> Hi Andrea,
> 
> Could you migrate here to lastest bootstrap ?
 
I admit I'm not sure what you expect me to do and when (before Trixie
release or later).  Any reason you did not filed a bug report or at
least a MR?  CCing Debian R list to discuss the issue in public since
I'm currently not very active in R packaging.

Kind regards
    Andreas.

-- 
https://fam-tille.de

Reply to:

Index(es):
- Date
- Thread