#982766 node-webpack: remove dependency on node-uglifyjs-webpack-plugin

Package:
src:node-webpack
Source:
node-webpack
Submitter:
Julian Gilbey
Date:
2022-05-22 10:09:04 UTC
Severity:
serious
Tags:
#982766#5
Date:
2021-02-14 07:14:09 UTC
From:
To:
webpack depends on node-uglifyjs-webpack-plugin, which in turn has a
serious bug report against it because it is abandoned upstream.
According to webpack/package.json, webpack does not seem to actually
depend on this plugin, so it should be find to just remove this
dependency.

If this dependency is left, node-webpack will be dropped from
bullseye.

Best wishes,

   Julian
#982766#10
Date:
2021-02-14 07:32:08 UTC
From:
To:
We should reduce severity of that bug or add bullseye-ignore tag and maintain it without upstream support.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
#982766#15
Date:
2021-02-14 09:25:33 UTC
From:
To:
Quoting Pirate Praveen (2021-02-14 08:32:08)
issue _is_ serious and has been for some time.

@Praveen, do you have any comments on the proposed change?


 - Jonas
#982766#20
Date:
2021-02-14 12:32:36 UTC
From:
To:
It is perfectly working and nothing is broken. Only in case of some future bugs, we will have to fix it ourselves without upstream help. It also just a wrapper for calling uglify-js or terser directly from webpack. We will have to replace it for next release, but I don't think it is release critical when there are people willing to maintain it and nothing is broken currently.

I don't agree to removing webpack (which means removing a large number of node packages as well). My proposed solution is to ignore it for bullseye.
#982766#25
Date:
2021-02-14 13:26:30 UTC
From:
To:
Quoting Pirate Praveen (2021-02-14 13:32:36)
[...]

Sorry, I now realize that we are talking about bug#977311 - I thought we
were talking about bug#952367

I still recommend to request release team to ignore for this release
instead of lowering sverity, but don't care anough about this particular
mess to discuss further...


 - Jonas
#982766#30
Date:
2021-02-16 06:13:35 UTC
From:
To:
Hi,

for the record, I removed build dependency to
node-uglifyjs-webpack-plugin from chai (src:node-chai). The browser
package is no more minified but this is not important: libjs-chai has no
reverse dependency.

Cheers,
Xavier
#982766#35
Date:
2021-02-17 14:01:40 UTC
From:
To:
Has the release team been contacted yet?  Once it is dropped from
testing, it will not be reaccepted for bullseye.

Best wishes,

   Julian
#982766#40
Date:
2021-03-14 06:14:31 UTC
From:
To:
[Ccing debian-release]

1. It is not marked for auto removal in tracker, so it will need a manual action from release team and they will see this bug before they remove.

2. Yadd already discussed about node-uglifyjs-webpack-plugin with release team.

So in my understanding this package will be in bullseye.
#982766#49
Date:
2022-05-03 15:31:59 UTC
From:
To:
Control: block 977311 by -1

I don't recall that discussion now, can somebody please add a pointer to
this bug report such that we can judge what to do with this RC bug for
bookworm?

Paul
#982766#56
Date:
2022-05-21 18:58:04 UTC
From:
To:
On Tue, 3 May 2022 17:31:59 +0200 Paul Gevers <elbrus@debian.org> wrote:
 > Control: block 977311 by -1
 >
 > On Sun, 14 Mar 2021 11:44:31 +0530 Pirate Praveen
 > <praveen@onenetbeyond.org> wrote:
 > > 2. Yadd already discussed about node-uglifyjs-webpack-plugin with
release team.
 >
 > I don't recall that discussion now, can somebody please add a
pointer to
 > this bug report such that we can judge what to do with this RC bug
for
 > bookworm?

That was probably for bullseye. This dependency is now removed in
webpack 5 recently uploaded to unstable.