npm (5.8.0+ds6-4+deb10u2) buster; urgency=medium * Team upload * Don't show password in logs (Closes: CVE-2020-15095) -- Xavier Guimard Fri, 28 Aug 2020 13:36:33 +0200 npm (5.8.0+ds6-4+deb10u1) buster; urgency=medium * Add patches to fix arbitrary path access (Closes: CVE-2019-16775, CVE-2019-16776, CVE-2019-16777) -- Xavier Guimard Sun, 15 Dec 2019 16:19:02 +0100 npm (5.8.0+ds6-4) unstable; urgency=medium * Team upload * Add upstream/metadata * Declare compliance with policy 4.3.0 * Remove old broken bash_completion file using maintscript (Closes: #917217) * Fix debian/copyright urls -- Xavier Guimard Wed, 13 Feb 2019 23:01:53 +0100 npm (5.8.0+ds6-3) unstable; urgency=medium [ Pirate Praveen ] * Update homepage to docs.npmjs.com (as given in package.json) (Closes: #910250) [ Jérémy Lal ] * Patch to fix LRUCache constructor call (Closes: #918889) -- Jérémy Lal Thu, 10 Jan 2019 12:19:12 +0100 npm (5.8.0+ds6-2) unstable; urgency=medium * Tighten dependency versions as per package.json -- Pirate Praveen Fri, 26 Oct 2018 12:10:25 +0530 npm (5.8.0+ds6-1) unstable; urgency=medium * Add set -x to autopkgtest script * Remove copyright notices for chownr and errno (now uses packaged versions) * Drop 2009_ansi-color-table.patch (ansicolors is embedded, ansistyles and text-table packaged) (Closes: #910921) * Add 'npm outdated' command to autopkgtest * Drop embedded copies of libnpx and cacache (they are now packaged) * Switch to new repo url in watch -- Pirate Praveen Mon, 15 Oct 2018 23:11:45 +0530 npm (5.8.0+ds5-1) unstable; urgency=medium * Remove copyright of modules no longer present in node_modules * Update copyright with cme update dpkg-copyright command * Fix permission of embedded node-gyp.cmd * Use node-errno and chownr from system * Remove node_modules/npm-lifecycle/node_modules/.bin (Closes: #909060) * Remove all .bin diectories in node_modules -- Pirate Praveen Fri, 21 Sep 2018 12:19:32 +0530 npm (5.8.0+ds4-1) unstable; urgency=medium * Add init and install commands to autopkgtest * Add a nodoc build profile (for faster builds) * Tighten more dependency versions * Use npm-package-arg and node-promzard from system * Remove node_modules/.bin directory (Closes: #908985) * Stop renaming of node command to nodejs (nodejs >= 6 provides it) * Install npx command and fix its permission -- Pirate Praveen Mon, 17 Sep 2018 18:38:54 +0530 npm (5.8.0+ds3-1) unstable; urgency=medium * Use node-resolve-from from system * Add node-gyp as dependency for npm-lifecycle -- Pirate Praveen Fri, 14 Sep 2018 15:27:07 +0530 npm (5.8.0+ds2-1) unstable; urgency=medium * Tighten all dependencies * Bring back embedded ansicolors (removed by mistake) -- Pirate Praveen Fri, 14 Sep 2018 14:46:30 +0530 npm (5.8.0+ds1-1) unstable; urgency=medium * Remove readable-stream from dependencies as well * Exclude more packaged modules -- Pirate Praveen Thu, 13 Sep 2018 10:48:46 +0530 npm (5.8.0+ds-3) unstable; urgency=medium * Remove dependency on node-readable-stream (not required) * Bump Standards-Version to 4.2.1 (no changes needed) * Bump debhelper compatibility level to 11 -- Pirate Praveen Wed, 12 Sep 2018 23:15:33 +0530 npm (5.8.0+ds-2) unstable; urgency=medium * Reupload to unstable -- Pirate Praveen Fri, 17 Aug 2018 16:23:18 +0530 npm (5.8.0+ds-1) experimental; urgency=medium [ Diane Trout ] * New upstream release (Closes: #870460, #863963, #794890, #857986) [ Jérémy Lal ] * Switch to dh * Section javascript * Priority optional * Drop Jonas from uploaders because of the move to dh * Update Homepage url * Update Vcs-Browser url * Fix make clean * Override make targets * Temp workaround for failure with prefix/npmrc * Build-Depends node-tacks, node-tap for running tests * Build-Depends node-require-inject for tests * Drop ruby-ronn from build-dependencies * Actually call make clean * NPMOPTS not needed because it does not have to install modules * Exclude request entirely * Exclude node-gyp entirely * Fix install and noop for auto_install * Use repacksuffix * make clean can fail * Disable tests for now * Fix syntax error in watch * repacksuffix makes uversionmangle useless * Add comment for tests * Ignore case to remove extra license files * watch file syntax again * npm need a recent node-tar * Call /usr/bin/node-gyp instead of second-guess where it is [ Pirate Praveen ] * add node-fs-vacuum as dependency * remove all .npmignore files * drop unique-filename, already in the archive * add node-unique-filename as a dependency * add lintian overrides * Reorganize doc-base structure -- Pirate Praveen Wed, 18 Jul 2018 21:37:49 +0530 npm (1.4.21+ds-2) unstable; urgency=medium * Depends node-ansi >= 0.3.0-2 as a replacement for ansicolors, ansistyles. * Update 2009_ansi-color-table.patch. (Closes: #756603) -- Jérémy Lal Wed, 06 Aug 2014 00:28:58 +0200 npm (1.4.21+ds-1) unstable; urgency=medium * Imported Upstream version 1.4.21+ds * control: + move Vcs to pkg-javascript + depends node-underscore + tighten dependency on node-nopt >= 3.0.1 + build-depends node-marked * copyright: + add wildcards to Files-Excluded entries + exclude underscore module + several minor licenses changes + several new paragraphs for new bundled modules * patches: + 2010 to prevent a privacy breach in README.html + 2002 remove unicode symbols from package.json.md * override lintian privacy-breach-generic about link rel canonical, those links are only used by robots. -- Jérémy Lal Tue, 29 Jul 2014 08:38:21 +0200 npm (1.4.4+ds-1) unstable; urgency=medium * New upstream release. (Closes: #740338) * Repackaging is no longer DFSG-needed, now only used to ease copyright maintenance. * Switch to uscan and debian/copyright Files-Excluded field for repackaging upstream tarball. Drop usage of cdbs upstream-tarball. * Install completion.sh (Closes: #672388) * Convenient removal of ansicolors, ansistyles, text-table. Instead, depend on node-ansi-color-table and add 2009 patch. * copyright: + npm copyright holder changed to npm, inc. + switch read-installed, promzard, uid-number to ISC license + add sections for path-is-inside, github-url-from-username-repo, npm-install-checks, columnify + remove couch-login section (no longer included) -- Jérémy Lal Sat, 01 Mar 2014 02:57:59 +0100 npm (1.3.10~dfsg-1) unstable; urgency=low * New upstream release. * Standards-Version 3.9.4 * Update README.Debian with info about nodejs-legacy (Closes:#650345) * copyright: + switch npm to Artistic-2.0 + add sections for editor and npm-user-validate + drop debian/* section + update list of excluded files * control: + loosen (build-)dependency on nodejs + Build-Depends on node-glob + depend on node-github-url-from-git, node-sha, and exclude them from tarball + bump versions of node-graceful-fs, node-gyp, node-read-package-json, node-request, node-rimraf, node-semver, node-tar * patches: + remove 2007 patch for compatibility with nodejs 0.6 + remove 2001 patch, not needed with the new license + enhance 2005 path and forward it upstream + add patches to avoid dependency on cmd-shim and child-process-close modules + add 2001 patch to keep documentation buildable by ronn without unicode support * docs: new sections, simplify manpages install -- Jérémy Lal Sun, 08 Sep 2013 01:40:11 +0200 npm (1.2.18~dfsg-3) experimental; urgency=low * Add missing dependency on node-fstream-ignore. -- Jérémy Lal Tue, 30 Apr 2013 00:28:32 +0200 npm (1.2.18~dfsg-2) experimental; urgency=low * Try to keep compatibility with nodejs 0.6 in debian/patches/2007_nodejs_0_6_compat.patch. -- Jérémy Lal Mon, 29 Apr 2013 00:13:30 +0200 npm (1.2.18~dfsg-1) experimental; urgency=low * New upstream release. (Closes: #695821, #705236) * debian/patches: + refresh + remove upstream patches. * debian/control: + update dependencies on external node-* modules + tighten dependencies on modules that are available in unstable and experimental, only when required by npm package.json. + remove DMUA field. + no longer Suggests: build-essential, since building is handled by node-gyp, not directly by npm. * debian/copyright: + update sections to match required modules, + update the list of excluded files, + comment why some modules are kept inside npm * debian/watch: fix again. -- Jérémy Lal Sun, 28 Apr 2013 21:03:50 +0200 npm (1.1.4~dfsg-2) unstable; urgency=low [ Jérémy Lal ] * debian/patches: + 1002_only_use_numeric_UIDs_and_GIDs_in_spawn.patch Upstream commit. Closes: #687052. + 2006_rename_node_to_nodejs.patch : apart from trivial rename of node to nodejs in shebangs and makefile, print a warning and refer to nodejs README on failure of a package lifecycle script. Closes: #686894. * debian/control: + Tighten nodejs version to the one after the rename. + Suggests: build-essential. Closes: #681356. [ Jonas Smedegaard ] * Directly use github.com (not broken githubredir.debian.net). * Allow Debian-Maintainer uploads. -- Jonas Smedegaard Sat, 22 Sep 2012 00:19:00 +0200 npm (1.1.4~dfsg-1) unstable; urgency=low * New upstream release. [ Jérémy Lal ] * Get the source from github repository. * Update package relations: + Relax to build-depend unversioned on cdbs and debhelper, and to depend unversioned on nodejs and O-dev: Required versions satisfied even in oldstable. + Build-depend on nodejs and ruby-ronn. + Depend on node-node-uuid, node-request, node-mkdirp, node-minimatch, node-semver, node-ini, node-graceful-fs, node-abbrev, node-nopt, node-fstream, node-rimraf, node-tar, node-which: Modules bundled with npm upstream yet sensible to reuse by other projects are packaged separately for Debian (exceptions are proto-list, read and slide). * Update copyright: + license changed to Expat+no-false-attribs, discussed at : http://lists.debian.org/debian-legal/2012/03/msg00030.html + Extend copyright year of debian/* section. + Added sections for the included modules. + Explain Source is repackaged. + Added (non-official) Files-Excluded paragraph in header. * DFSG repackaging (using cdbs upstream-tarball.mk), remove : + non-free html/*/GubbleBum-Blocky.ttf + all modules that are dependencies. * Patches : + Drop patches for missing shebangs, applied upstream. + Remove shebang from completion.sh as it is non-executable. + Drop patch to fix completion, no longer needed. + Comply with license: replace Original Author's bug reporting email address and url with information on how to report debian bugs. + Use ruby-ronn instead of ronnjs to build documentation. + Small documentation fixes. * npm configuration has moved from /etc/npm/rootrc, /etc/npm/userrc to /etc/npmrc. * npm is also installed as a node module, so has man(3) documentation. * Documentation installation: + Fix gz extension, override lintian errors. + Install and register html with doc-base. * Use githubredir for watch file. * README.Debian updated. * Use anonscm.d.o in control Vcs-* fields. * Bump policy compliance to standards-version 3.9.3. [ Jonas Smedegaard ] * Update copyright file: + Stop listing convenience copy of uuid.js: no longer included. + Extend a copyright year. + Abbreviate author middle name (to match upstream change). + Add Upstream-Name field. * Git-ignore .pc quilt subdir. -- Jonas Smedegaard Sat, 07 Apr 2012 10:16:32 +0200 npm (0.2.19-1) unstable; urgency=low * New upstream release. [ Jonas Smedegaard ] * Bump policy compliance to standards-version 3.9.2. * Bump copyright file format to draft 174 of DEP-5. * Replace long description with intro from upstream documentation. -- Jonas Smedegaard Sat, 16 Apr 2011 11:32:28 +0200 npm (0.2.16-1) unstable; urgency=low [ Jérémy Lal ] * Initial release. Closes: #587525. -- Jonas Smedegaard Sat, 29 Jan 2011 15:03:31 +0100