Debian Package Tracker - node-yarnpkg

general

source: node-yarnpkg (main)
version: 1.21.1-1
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Paolo Greppi [DMD] [DM]
arch: all
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1.13.0-1+deb10u1
stable-bpo: 1.19.1-1~bpo10+1
testing: 1.19.1-1
unstable: 1.21.1-1
exp: 1.21.1-2~exp1

versioned links

1.13.0-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.19.1-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.19.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.21.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.21.1-2~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

yarnpkg (3 bugs: 0, 3, 0, 0)

action needed

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-10773: In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

Please fix it.

Created: 2019-12-17 Last update: 2019-12-18 08:38

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-10773: In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

Please fix it.

Created: 2019-12-17 Last update: 2019-12-18 08:38

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-12-23 Last update: 2020-02-18 00:34

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-12-28 Last update: 2020-02-17 19:53

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ce2089a61bab00d377fe0413cb9debf4200ebed3
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Dec 31 21:04:41 2019 +0100

    Remove outdated fields from metadata

commit 0e4cc4125b79709c15d8fc30db6c7d4720db4766
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Dec 31 21:04:14 2019 +0100

    Add Bug-Submit field in metadata

commit 99ebd75f0386e0b08234d2665b12949fa858390b
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Dec 31 21:03:21 2019 +0100

    Add "Rules-Requires-Root: no"

Created: 2019-12-31 Last update: 2020-02-12 01:39

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-01-21 05:05

testing migrations

excuses:
- Migration status for node-yarnpkg (1.19.1-1 to 1.21.1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating node-yarnpkg introduces new bugs: #947074
- missing build on all
- arch:all not built yet, autopkgtest delayed
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/n/node-yarnpkg.html
- 62 days old (needed 5 days)
- Not considered

news

[rss feed]

[2019-12-23] Accepted node-yarnpkg 1.21.1-2~exp1 (source) into experimental (Paolo Greppi)
[2019-12-17] Accepted node-yarnpkg 1.21.1-1 (source) into unstable (Paolo Greppi)
[2019-11-18] Accepted node-yarnpkg 1.19.1-1~bpo10+1 (source all) into buster-backports, buster-backports (Utkarsh Gupta) (signed by: Praveen Arimbrathodiyil)
[2019-11-09] Accepted node-yarnpkg 1.13.0-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Xavier Guimard)
[2019-11-02] node-yarnpkg 1.19.1-1 MIGRATED to testing (Debian testing watch)
[2019-10-31] Accepted node-yarnpkg 1.19.1-1 (source) into unstable (Paolo Greppi)
[2019-10-14] Accepted node-yarnpkg 1.19.1-1~exp1 (source) into experimental (Paolo Greppi)
[2019-10-02] node-yarnpkg 1.13.0-3 MIGRATED to testing (Debian testing watch)
[2019-09-29] Accepted node-yarnpkg 1.13.0-3 (source) into unstable (Paolo Greppi)
[2019-09-21] node-yarnpkg 1.13.0-2 MIGRATED to testing (Debian testing watch)
[2019-09-19] Accepted node-yarnpkg 1.13.0-2 (source) into unstable (Paolo Greppi)
[2019-02-04] node-yarnpkg 1.13.0-1 MIGRATED to testing (Debian testing watch)
[2019-01-28] Accepted node-yarnpkg 1.13.0-1 (source all) into unstable, unstable (Paolo Greppi) (signed by: Xavier Guimard)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, exp, clang, reproducibility
popcon
browse source code
edit tags
security tracker
debci