node-dompurify - Debian Package Tracker

general

source: node-dompurify (main)
version: 3.1.7+dfsg+~3.0.5-2
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 2.4.1+dfsg+~2.4.0-2+deb12u1
stable-sec: 2.4.1+dfsg+~2.4.0-2
testing: 3.1.7+dfsg+~3.0.5-1
unstable: 3.1.7+dfsg+~3.0.5-2
exp: 3.2.5+dfsg-1

versioned links

2.4.1+dfsg+~2.4.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.1+dfsg+~2.4.0-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.7+dfsg+~3.0.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.7+dfsg+~3.0.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.5+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-dompurify

action needed

A new upstream version is available: 3.2.5+~3.2.0 high

A new upstream version 3.2.5+~3.2.0 is available, you should consider packaging it.

Created: 2024-11-13 Last update: 2025-04-23 22:00

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-26791: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Created: 2025-02-14 Last update: 2025-04-21 16:00

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit df8b2a4acb5a5b3581c6b1e12884c3cf812c553a
Merge: 104b999 5e2be58
Author: Yadd <yadd@debian.org>
Date:   Mon Apr 21 08:24:58 2025 +0200

    Merge branch 'debian/trixie'

commit 5e2be584e729c4c7a295c29ff328175765c59ef7
Author: Yadd <yadd@debian.org>
Date:   Mon Apr 21 08:23:04 2025 +0200

    releasing package node-dompurify version 3.1.7+dfsg+~3.0.5-2

commit 074902f85ba934d36900cc39a7d9b51c669a9ea0
Author: Yadd <yadd@debian.org>
Date:   Mon Apr 21 08:21:26 2025 +0200

    Changed the template literal regex to avoid a config-dependent bypass (Closes: #1098325, CVE-2025-26791)

Created: 2025-04-21 Last update: 2025-04-21 09:31

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-10-13 Last update: 2024-10-13 06:31

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-26791: (needs triaging) DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-02-14 Last update: 2025-04-21 16:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-04-21 13:00

testing migrations

excuses:
- Migration status for node-dompurify (3.1.7+dfsg+~3.0.5-1 to 3.1.7+dfsg+~3.0.5-2): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 3 of 10 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/n/node-dompurify.html
- ∙ ∙ autopkgtest for node-dompurify/3.1.7+dfsg+~3.0.5-2: amd64: No tests, superficial or marked flaky ♻ (reference ♻), arm64: No tests, superficial or marked flaky ♻ (reference ♻), armel: No tests, superficial or marked flaky ♻ (reference ♻), armhf: No tests, superficial or marked flaky ♻ (reference ♻), i386: No tests, superficial or marked flaky ♻ (reference ♻), ppc64el: No tests, superficial or marked flaky ♻ (reference ♻), riscv64: No tests, superficial or marked flaky ♻ (reference ♻), s390x: No tests, superficial or marked flaky ♻ (reference ♻)
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[rss feed]

[2025-04-21] Accepted node-dompurify 3.1.7+dfsg+~3.0.5-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-04-21] Accepted node-dompurify 3.2.5+dfsg-1 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2024-11-03] Accepted node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2024-10-18] node-dompurify 3.1.7+dfsg+~3.0.5-1 MIGRATED to testing (Debian testing watch)
[2024-10-15] Accepted node-dompurify 2.4.1+dfsg+~2.4.0-2 (source) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2024-10-13] Accepted node-dompurify 2.4.1+dfsg+~2.4.0-2 (source) into stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2024-10-12] Accepted node-dompurify 3.1.7+dfsg+~3.0.5-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2024-09-22] node-dompurify 3.1.6+dfsg+~3.0.5-1 MIGRATED to testing (Debian testing watch)
[2024-09-17] Accepted node-dompurify 3.1.6+dfsg+~3.0.5-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2024-03-12] node-dompurify 3.0.9+dfsg+~3.0.5-1 MIGRATED to testing (Debian testing watch)
[2024-03-06] Accepted node-dompurify 3.0.9+dfsg+~3.0.5-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-12-01] node-dompurify 2.4.1+dfsg+~2.4.0-1 MIGRATED to testing (Debian testing watch)
[2022-11-25] Accepted node-dompurify 2.4.1+dfsg+~2.4.0-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-11-21] Accepted node-dompurify 2.4.0+dfsg+~2.3.4-3 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-10-08] node-dompurify 2.4.0+dfsg+~2.3.4-2 MIGRATED to testing (Debian testing watch)
[2022-10-03] Accepted node-dompurify 2.4.0+dfsg+~2.3.4-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-09-04] node-dompurify 2.4.0+dfsg+~2.3.4-1 MIGRATED to testing (Debian testing watch)
[2022-08-25] Accepted node-dompurify 2.4.0+dfsg+~2.3.4-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-08-02] node-dompurify 2.3.10+dfsg+~2.3.3-1 MIGRATED to testing (Debian testing watch)
[2022-07-27] Accepted node-dompurify 2.3.10+dfsg+~2.3.3-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-07-21] node-dompurify 2.3.9+dfsg+~2.3.3-1 MIGRATED to testing (Debian testing watch)
[2022-07-16] Accepted node-dompurify 2.3.9+dfsg+~2.3.3-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-05-24] node-dompurify 2.3.8+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-05-19] Accepted node-dompurify 2.3.8+dfsg-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-05-18] node-dompurify 2.3.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-05-12] Accepted node-dompurify 2.3.7+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-11-10] node-dompurify 2.3.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-11-05] Accepted node-dompurify 2.3.3+dfsg-1 (source) into unstable (Caleb Adepitan) (signed by: Xavier Guimard)
[2021-09-25] node-dompurify 2.3.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-09-19] Accepted node-dompurify 2.3.0+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 2)
buildd: logs, exp, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.1.7+dfsg+~3.0.5-1