Univention Bugzilla – Bug 51055
Remove old, unsecure, unmaintained: npm, node-stylus
Last modified: 2021-03-19 11:26:39 CET
For the the UMC with UCS-4.0 "Node.js packet manager" (npm) and "node-stylus" where required, but not yet available in Debian 7 Wheezy: - <https://packages.debian.org/search?keywords=npm&searchon=sourcenames&exact=1> - <https://packages.debian.org/search?suite=default§ion=all&arch=any&searchon=sourcenames&keywords=node-stylus> Therefor the tools were packaged ourselves and included with the main UCS repository: - management/npm 1.4.27-1 (Bug #35822, Bug #35654) - management/stylus 0.48.1-2 (Bug #35823) Only stylus was updated once with UCS-4.2, which is based on Debian 8 Jessie: - management/stylus 0.54.5-1 (Bug #35823, Bug #42337) (Debian 8 Jessie only contained version 0.48.1+dfsg-1) UCS-4.3 switched to Debian 9 Stretch, which has: - node-stylus 0.54.5-1 - npm 5.8.0+ds6-2~bpo9+1 only through stretch-backports as npm was considered unstable for Debian back when Stretch got released; only since Debian 10 Buster (will be used for UCS-5) npm is included in Debian with version 5.8.0+ds6-4 Re-building npm in UCS-4.4 currently fails: >./git/node_modules/marked/bin/marked:47 > let input, > ^^^ > >SyntaxError: Block-scoped declarations (let, const, function, class) not yet >supported outside strict mode > at exports.runInThisContext (vm.js:53:16) > at Module._compile (module.js:373:25) > at Object.Module._extensions..js (module.js:416:10) > at Module.load (module.js:343:32) > at Function.Module._load (module.js:300:12) > at Function.Module.runMain (module.js:441:10) > at startup (node.js:140:18) > at node.js:1043:3 >Makefile:142: recipe for target 'html/doc/api/npm-install.html' failed Looking at the releases of those packages in UCS: # SELECT srcpkg,srcver,major,minor,patch,site,maintained FROM binpkg WHERE srcpkg IN ('npm','stylus') ORDER BY 1,3,4,5 ASC; srcpkg | srcver | major | minor | patch | site | maintained --------+------------------------------+-------+-------+-------+------+------------ npm | 1.4.27-1.9.201410061818 | 4 | 0 | 0 | apt | npm | 1.4.27-1.9.201410061818 | 4 | 0 | 0 | ftp | f npm | 1.4.27-1.10.201508061304 | 4 | 0 | 3 | ftp | t npm | 1.4.27-1.10.201508061304 | 4 | 0 | 3 | apt | stylus | 0.48.1-2.15.201410280851 | 4 | 0 | 0 | ftp | f stylus | 0.48.1-2.15.201410280851 | 4 | 0 | 0 | apt | stylus | 0.54.5-1A~4.2.0.201701292124 | 4 | 2 | 0 | apt | stylus | 0.54.5-1A~4.2.0.201701292124 | 4 | 2 | 0 | ftp | f - npm was released as maintained only for "edyou App" Bug #37972 in UCS-4.0-3, but in no later version; it also seems to be no longer available from our App center: <https://www.univention.de/produkte/univention-app-center/app-katalog/?term=edyou> - stylus is only used internally for building our UCS pckages. As our `npm` package is only required to build our `stylus` package, which is no longer required as Debian provides the same version as `node-stylus`, 1. the two packages should be removed 2. the build-dependencies on `stylus` should be changed to `node-stylus`
Rebuilding management/univention-web with nodejs from UCS-4.4-4 currently fails with the following error: 4084 »···module: umc/widgets/Uploader; plugin: umc/i18n 4085 error(307) Failed to evaluate module tagged as pure AMD (fell back to processing with regular expressions). 4086 »···module: umc/dialog/NotificationDropDownButton; error: SyntaxError: missing name after . operator 4087 »···module: umc/tools; error: SyntaxError: missing name after . operator 4088 »···module: umc/widgets/Grid; error: SyntaxError: missing name after . operator Maybe it's `.class`: related: NotificationDropDownButton.js.uncompressed.js:382: WARNING - Keywords and reserved words are not allowed as unquoted property names in older versions of JavaScript. If you are targeting newer versions of JavaScript, set the appropriate language_in option. this.class += ' umcNotificationDropDownButton'; ^ tools.js.uncompressed.js:2071: WARNING - Keywords and reserved words are not allowed as unquoted property names in older versions of JavaScript. If you are targeting newer versions of JavaScript, set the appropriate language_in option. if (w.class) { ^ tools.js.uncompressed.js:2072: WARNING - Keywords and reserved words are not allowed as unquoted property names in older versions of JavaScript. If you are targeting newer versions of JavaScript, set the appropriate language_in option. id = lang.replace('{0}; class: {1}', [id, w.class]); ^ Comparing the difference of packages between a build in our repo-ng-buildsystem with a build in docker shows the following difference: --- PUT.buildsystem 2020-04-04 07:13:58.217085743 +0200 +++ PUT.docker 2020-04-03 11:10:09.142847219 +0200 @@ -150,0 +151 @@ +libjs-inherits 2.0.3-1 @@ -286,0 +288,18 @@ +node-amdefine 0.1.0-1 +node-balanced-match 0.4.2-1 +node-brace-expansion 1.1.6-1+deb9u1 +node-concat-map 0.0.1-1 +node-css 2.1.0-2 +node-debug 2.5.1-1 +node-fs.realpath 1.0.0-1 +node-glob 7.1.1-1 +node-inflight 1.0.6-1 +node-inherits 2.0.3-1 +node-minimatch 3.0.3-1 +node-mkdirp 0.5.0-1 +node-once 1.4.0-2 +node-path-is-absolute 1.0.0-1 +node-sax 0.5.5-1 +node-source-map 0.5.6+dfsg-1 +node-stylus 0.54.5-1 REPLACING stylus BELOW +node-wrappy 1.0.2-1 @@ -288 +306,0 @@ -nodejs-legacy 4.8.2~dfsg-1 ADDS ONLY LEGACY LINK /usr/bin/node @@ -342 +359,0 @@ -stylus 0.54.5-1A~4.2.0.201701292124 REPLACED BY node-stylus UP
[4.4-4] 673c4e4885 Bug #51055: Switch to Debian node-stylus base/univention-app-appliance/debian/control | 2 +- base/univention-system-activation/debian/control | 2 +- base/univention-system-setup/debian/control | 2 +- management/univention-appcenter/debian/control | 2 +- management/univention-portal/debian/control | 2 +- management/univention-self-service/debian/control | 2 +- management/univention-server-overview/debian/control | 2 +- management/univention-web/debian/control | 4 ++-- services/univention-admin-diary/debian/control | 2 +- test/univention-demo-configuration/debian/control | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) [4.4-4] 8c495517da Bug #51055: Remove stylus - version in Debian 9 Stretch 8 files changed, 250 deletions(-) [4.4-4] 2379f85ae4 Bug #51055: Remove npm - newer version in Debian 10 Buster 7 files changed, 729 deletions(-) QA: All touched packages have been successfully test-re-build by <https://git.knut.univention.de/univention/ucs/pipelines/4389> with this changed applied. As this is an internal-only change the packages have not been re-build and as such there are no packages to release now. For "univention-web" I compared the build with our old version and with the new version from Debian manually - there is no change: $ debdiff old/univention-web-js_3.0.5-32_all.deb new/univention-web-js_3.0.5-32_all.deb File lists identical (after any substitutions) No differences were encountered between the control files $ debdiff old/univention-web-src_3.0.5-32_all.deb new/univention-web-src_3.0.5-32_all.deb File lists identical (after any substitutions) No differences were encountered between the control files $ debdiff old/univention-web-style_3.0.5-32_all.deb new/univention-web-style_3.0.5-32_all.deb File lists identical (after any substitutions) No differences were encountered between the control files $ LANG=c diff -ruN old new --exclude \*.deb diff: old/1/var/www/univention/js: No such file or directory diff: new/1/var/www/univention/js: No such file or directory diff -ruN --exclude '*.deb' old/2/usr/share/univention-web-src/js/de.po new/2/usr/share/univention-web-src/js/de.po --- old/2/usr/share/univention-web-src/js/de.po 2020-04-06 19:44:02.000000000 +0200 +++ new/2/usr/share/univention-web-src/js/de.po 2020-04-06 19:44:02.000000000 +0200 @@ -2,7 +2,7 @@ msgstr "" "Project-Id-Version: univention-management-console-frontend\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2020-04-21 14:10+0000\n" +"POT-Creation-Date: 2020-04-21 14:28+0000\n" "PO-Revision-Date: 2019-09-20 16:14+0200\n" "Last-Translator: Univention GmbH <packages@univention.de>\n" "Language-Team: Univention GmbH <packages@univention.de>\n" diff -ruN --exclude '*.deb' old/2/usr/share/univention-web-src/js/en.po new/2/usr/share/univention-web-src/js/en.po --- old/2/usr/share/univention-web-src/js/en.po 2020-04-06 19:44:02.000000000 +0200 +++ new/2/usr/share/univention-web-src/js/en.po 2020-04-06 19:44:02.000000000 +0200 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: univention-management-console-frontend\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2020-04-21 14:10+0000\n" +"POT-Creation-Date: 2020-04-21 14:28+0000\n" "PO-Revision-Date: 2019-09-20 15:40+0200\n" "Last-Translator: Univention GmbH <packages@univention.de>\n" "Language-Team: Univention GmbH <packages@univention.de>\n" diff: old/3/var/www/univention/js/dijit/themes/umc/icons: No such file or directory diff: new/3/var/www/univention/js/dijit/themes/umc/icons: No such file or directory
OK: diff univention-web OK: diff all stylus generated css files OK: no errata neccessary
*** Bug 48351 has been marked as a duplicate of this bug. ***
Nothing to release.