Resolves: RHBZ#2005419

Resolves CVE-2020-28469
Rebase to newest version
Change source to npmjs.com

.gitignore

@@ -1,3 +1,4 @@
 /nodemon-v1.18.3-bundled.tar.gz
 /nodemon-v2.0.3-bundled.tar.gz
 /nodemon-v2.0.7-bundled.tar.gz
+/nodemon-v2.0.15-bundled.tar.gz

nodejs-nodemon.spec

@@ -5,11 +5,11 @@
 %global enable_tests 0
 
 Name:          nodejs-%{npm_name}
-Version:       2.0.7
+Version:       2.0.15
 Release:       1%{?dist}
 Summary:       Simple monitor script for use during development of a node.js app
 License:       MIT
-URL:           https://github.com/remy/nodemon
+URL:           https://www.npmjs.com/package/nodemon
 Source0:       %{npm_name}-v%{version}-bundled.tar.gz
 
 BuildRequires: nodejs-devel
@@ -36,18 +36,18 @@ Simple monitor script for use during development of a node.js app.
 
 For use during development of a node.js based application.
 
-nodemon will watch the files in the directory in which nodemon 
+nodemon will watch the files in the directory in which nodemon
-was started, and if any files change, nodemon will automatically 
+was started, and if any files change, nodemon will automatically
 restart your node application.
 
-nodemon does not require any changes to your code or method of 
+nodemon does not require any changes to your code or method of
-development. nodemon simply wraps your node application and keeps 
+development. nodemon simply wraps your node application and keeps
-an eye on any files that have changed. Remember that nodemon is a 
+an eye on any files that have changed. Remember that nodemon is a
-replacement wrapper for node, think of it as replacing the word "node" 
+replacement wrapper for node, think of it as replacing the word "node"
 on the command line when you run your script.
 
 %prep
-%setup -q -n %{npm_name}-%{version}
+%setup -q -n package
 
 %build
 
@@ -56,14 +56,11 @@ on the command line when you run your script.
 
 %install
 mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}
-cp -pr doc bin lib package.json website node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
+cp -pr doc bin lib package.json node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
 
 mkdir -p %{buildroot}%{_bindir}
 ln -sf %{nodejs_sitelib}/%{npm_name}/bin/nodemon.js %{buildroot}%{_bindir}/nodemon
 
-
-#%%nodejs_symlink_deps
-
 %if 0%{?enable_tests}
 %check
 %nodejs_symlink_deps --check
@@ -71,11 +68,17 @@ npm run test
 %endif
 
 %files
-%doc CODE_OF_CONDUCT.md doc faq.md README.md
+%doc doc README.md
 %{nodejs_sitelib}/%{npm_name}
 %{_bindir}/nodemon
 
 %changelog
+* Tue Nov 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.15-1
+- Resolves: RHBZ#2005419
+- Resolves CVE-2020-28469
+- Rebase to newest version
+- Change source to npmjs.com
+
 * Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.7-1
 - Resolves: RHBZ#1953991
 - Update to 2.0.7 to resolve CVE-2020-28469

nodemon-tarball.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 version=$(rpm -q --specfile --qf='%{version}\n' nodejs-nodemon.spec | head -n1)
-wget https://github.com/remy/nodemon/archive/v$version.tar.gz
+wget https://registry.npmjs.org/nodemon/-/nodemon-$version.tgz
-tar -zxf v$version.tar.gz
+tar -zxf nodemon-$version.tgz
-cd nodemon-$version
+cd package
-npm install --production && cd .. && tar -zcf nodemon-v$version-bundled.tar.gz nodemon-$version
+npm install --production && rm -rf Dockerfile && cd .. && tar -zcf nodemon-v$version-bundled.tar.gz package

sources

@@ -1 +1 @@
-SHA512 (nodemon-v2.0.7-bundled.tar.gz) = e4279b3bbd620d392d3216df57f4b31214bba5cdacd4ac40689fa07677761c00c8ab5169a2162a8bb281a6737852c918a36c069e4c6c43e5cf10bf2b6774e9c0
+SHA512 (nodemon-v2.0.15-bundled.tar.gz) = 7a187493cd376940397c3f0a3bff04f56089c7b9335ab3b1a74cf5fe27a027876c155143c1a3fe636fc83d4df2194def9b58b6228880bf9e10e7646ef3e51e1d