[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1033927: marked as done (unblock: node-sinon/14.0.2+ds+~cs74.13.25-2)

Your message dated Tue, 04 Apr 2023 21:26:49 +0000
with message-id <E1pjoAz-004mBz-No@respighi.debian.org>
and subject line unblock node-sinon
has caused the Debian Bug report #1033927,
regarding unblock: node-sinon/14.0.2+ds+~cs74.13.25-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033927
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-sinon@packages.debian.org
Control: affects -1 + src:node-sinon

Please unblock package node-sinon

[ Reason ]
node-sinon is a package used during JS tests. In Debian JS Team we
choose to launch autopkgtest with `--disable-proto=throw` to ensure
that JS packages don't used this old way to access to prototype for
security reasons.
This change started in September 2022 (pkg-js-autopkgtest 0.15.x).

node-sinon currently parses all object properties without avoid
__proto__. This breaks (at least) node-nock autopkgtest.

[ Impact ]
No change, the patch just avoid parsing __proto__

[ Tests ]
No change in test, still pass (autopkgtest + build). This fixed also
node-nock test.

[ Risks ]
No risk here, patch is trivial

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
This debdiff adds also some tips from lintian-brush (lintian tags and
metadata update)

Cheers,
Yadd

unblock node-sinon/14.0.2+ds+~cs74.13.25-2

diff --git a/debian/changelog b/debian/changelog
index aaace48..111c526 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+node-sinon (14.0.2+ds+~cs74.13.25-2) unstable; urgency=medium
+
+  * Team upload
+  * Update lintian override info format in d/source/lintian-overrides
+    on line 2-3
+  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse
+  * Update standards version to 4.6.2, no changes needed
+  * Drop calls to __proto__ (Closes: #1033818)
+
+ -- Yadd <yadd@debian.org>  Mon, 03 Apr 2023 07:26:51 +0400
+
 node-sinon (14.0.2+ds+~cs74.13.25-1) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/control b/debian/control
index 1a73a29..c60cd62 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Build-Depends:
  , node-supports-color
  , node-type-detect
  , node-util <!nocheck>
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Vcs-Browser: https://salsa.debian.org/js-team/node-sinon
 Vcs-Git: https://salsa.debian.org/js-team/node-sinon.git
 Homepage: https://sinonjs.org/
diff --git a/debian/patches/dont-try-to-access-to-__proto__.patch b/debian/patches/dont-try-to-access-to-__proto__.patch
new file mode 100644
index 0000000..5973750
--- /dev/null
+++ b/debian/patches/dont-try-to-access-to-__proto__.patch
@@ -0,0 +1,16 @@
+Description: don't try to access to __proto__
+Author: Yadd <yadd@debian.org>
+Forwarded: no
+Last-Update: 2023-04-03
+
+--- a/lib/sinon/util/core/walk.js
++++ b/lib/sinon/util/core/walk.js
+@@ -17,7 +17,7 @@
+     }
+ 
+     forEach(Object.getOwnPropertyNames(obj), function (k) {
+-        if (seen[k] !== true) {
++        if (k !== '__proto__' && seen[k] !== true) {
+             seen[k] = true;
+             var target =
+                 typeof Object.getOwnPropertyDescriptor(obj, k).get ===
diff --git a/debian/patches/series b/debian/patches/series
index ffb3e1f..b2b7689 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ fix-sinonjsreferee-sinon-test.diff
 reproducible.patch
 fix-for-path-to-regexp-6.patch
 drop-unstable-test.patch
+dont-try-to-access-to-__proto__.patch
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index 3f4d9d6..05b110e 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1,6 +1,6 @@
 # False positive: data
-source-is-missing *sinonjstext-encoding/lib/encoding-indexes.js*
-source-contains-prebuilt-javascript-object *sinonjstext-encoding/lib/encoding-indexes.js*
+source-is-missing [*sinonjstext-encoding/lib/encoding-indexes.js*]
+source-contains-prebuilt-javascript-object [*sinonjstext-encoding/lib/encoding-indexes.js*]
 very-long-line-length-in-source-file *sinonjsfake-timers/LICENSE*
 very-long-line-length-in-source-file *sinonjstext-encoding/lib/encoding-indexes.js*
 very-long-line-length-in-source-file *.md*
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
index 6d85d64..c5adee0 100644
--- a/debian/upstream/metadata
+++ b/debian/upstream/metadata
@@ -1,6 +1,6 @@
 ---
 Archive: GitHub
-Bug-Database: https://github.com/cjohansen/Sinon.JS/issues
-Bug-Submit: https://github.com/cjohansen/Sinon.JS/issues/new
+Bug-Database: https://github.com/sinonjs/sinon/issues
+Bug-Submit: https://github.com/sinonjs/sinon/issues/new
 Repository: https://github.com/cjohansen/Sinon.JS.git
-Repository-Browse: https://github.com/cjohansen/Sinon.JS
+Repository-Browse: https://github.com/sinonjs/sinon

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---
Reply to: