7 changed files with 131 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,4 @@
-SOURCES/nodemon-v2.0.3-bundled.tar.gz
+/nodemon-v2.0.3-bundled.tar.gz
+/nodemon-v2.0.19-bundled.tar.gz
+/nodemon-v2.0.20-bundled.tar.gz
+/nodemon-v3.0.1-bundled.tar.gz
--- a/.nodejs-nodemon.metadata
+++ b/.nodejs-nodemon.metadata
@ -1 +0,0 @@
-a515df94af26b438ffbf4d914259f16a03cc7c15 SOURCES/nodemon-v2.0.3-bundled.tar.gz
--- a/0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
+++ b/0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
@ -0,0 +1,63 @@
+From 62287c7af3aabd73db9bd1057c4c6cfcb5f3f67b Mon Sep 17 00:00:00 2001
+From: Takayuki Sato <sttk.xslet@gmail.com>
+Date: Tue, 20 Jul 2021 14:46:33 +0900
+Subject: [PATCH] deps(glob-parent): Resolve ReDoS vulnerability from
+ CVE-2021-35065 (#49)
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ node_modules/glob-parent/index.js | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/node_modules/glob-parent/index.js b/node_modules/glob-parent/index.js
+index 09e257e..b182190 100644
+--- a/node_modules/glob-parent/index.js
+++ b/node_modules/glob-parent/index.js
+@@ -6,7 +6,6 @@ var isWin32 = require('os').platform() === 'win32';
+ 
+ var slash = '/';
+ var backslash = /\\/g;
+-var enclosure = /[\{\[].*[\}\]]$/;
+ var globby = /(^|[^\\])([\{\[]|\([^\)]+$)/;
+ var escaped = /\\([\!\*\?\|\[\]\(\)\{\}])/g;
+ 
+@@ -25,7 +24,7 @@ module.exports = function globParent(str, opts) {
+   }
+ 
+   // special case for strings ending in enclosure containing path separator
+-  if (enclosure.test(str)) {
+  if (isEnclosure(str)) {
+     str += slash;
+   }
+ 
+@@ -40,3 +39,27 @@ module.exports = function globParent(str, opts) {
+   // remove escape chars and return result
+   return str.replace(escaped, '$1');
+ };
+
+
+function isEnclosure(str) {
+  var lastChar = str.slice(-1)
+
+  var enclosureStart;
+  switch (lastChar) {
+    case '}':
+      enclosureStart = '{';
+      break;
+    case ']':
+      enclosureStart = '[';
+      break;
+    default:
+      return false;
+  }
+
+  var foundIndex = str.indexOf(enclosureStart);
+  if (foundIndex < 0) {
+    return false;
+  }
+
+  return str.slice(foundIndex + 1, -1).includes(slash);
+}
+-- 
+2.39.2
+
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
+# nodejs-nodemon
+
+The nodejs-nodemon package
--- a/SPECS/nodejs-nodemon.spec
+++ b/SPECS/nodejs-nodemon.spec
@ -5,13 +5,15 @@
 %global enable_tests 0

 Name:          nodejs-%{npm_name}
-Version:       2.0.3
+Version:       3.0.1
 Release:       1%{?dist}
 Summary:       Simple monitor script for use during development of a node.js app
 License:       MIT
-URL:           https://github.com/remy/nodemon
+URL:           https://www.npmjs.com/package/nodemon
 Source0:       %{npm_name}-v%{version}-bundled.tar.gz

+Patch1:        0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
+
 BuildRequires: nodejs-devel
 BuildRequires: nodejs-packaging
 BuildRequires: npm
@ -19,17 +21,6 @@ BuildRequires: npm
 ExclusiveArch: %{nodejs_arches} noarch
 BuildArch:     noarch

-%if 0%{?enable_tests}
-BuildRequires:  npm(async)
-BuildRequires:  npm(coffee-script)
-BuildRequires:  npm(husky)
-BuildRequires:  npm(istanbul)
-BuildRequires:  npm(jscs)
-BuildRequires:  npm(mocha)
-BuildRequires:  npm(proxyquire)
-BuildRequires:  npm(semantic-release)
-BuildRequires:  npm(should)
-%endif

 %description
 Simple monitor script for use during development of a node.js app.
@ -47,7 +38,7 @@ replacement wrapper for node, think of it as replacing the word "node"
 on the command line when you run your script.

 %prep
-%setup -q -n %{npm_name}-%{version}
+%autosetup -p1 -n package

 %build

@ -56,14 +47,11 @@ on the command line when you run your script.

 %install
 mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}
-cp -pr doc bin lib package.json website node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
+cp -pr doc bin lib package.json node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}

 mkdir -p %{buildroot}%{_bindir}
 ln -sf %{nodejs_sitelib}/%{npm_name}/bin/nodemon.js %{buildroot}%{_bindir}/nodemon

-
-#%%nodejs_symlink_deps
-
 %if 0%{?enable_tests}
 %check
 %nodejs_symlink_deps --check
@ -71,14 +59,51 @@ npm run test
 %endif

 %files
-%doc CODE_OF_CONDUCT.md doc faq.md README.md
+%doc doc README.md
 %{nodejs_sitelib}/%{npm_name}
 %{_bindir}/nodemon

 %changelog
-* Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.3-1
- Resolves: RHBZ#1920692, RHBZ#1804236, RHBZ#1803247
- Rebase to 2.0.3
+* Wed Aug 23 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 3.0.1-1
+- Rebase to 3.0.1
+- Resolves: CVE-2022-25883
+
+* Mon Mar 27 2023 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.20-3
+- Patch bundled glob-parent
+- Resolves: CVE-2021-35065
+
+* Thu Dec 08 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.20-2
+- Record CVE fixed in the current or previous upstream versions
+- Resolves: CVE-2021-44906
+
+* Fri Nov 18 2022 Jan Staněk <jstanek@redhat.com> - 2.0.20-1
+- Rebase to 2.0.20
+  Resolves: CVE-2022-3517
+
+* Wed Aug 31 2022 Jan Staněk <jstanek@redhat.com> - 2.0.19-1
+- Rebase to 2.0.19
+  Resolves: CVE-2022-33987 rhbz#2073156 CVE-2021-33502 CVE-2021-3807 CVE-2020-28469
+  Resolves: CVE-2020-7788
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.3-6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.3-5
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.3-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri May 01 2020 Honza Horak <hhorak@redhat.com> - 2.0.3-1
+- Update to 2.0.3

 * Mon Aug 13 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.18.3-1
 - Resolves: #1615413
--- a/nodemon-tarball.sh
+++ b/nodemon-tarball.sh
@ -0,0 +1,7 @@
+#!/bin/sh
+
+version=$(rpm -q --specfile --qf='%{version}\n' nodejs-nodemon.spec | head -n1)
+wget https://registry.npmjs.org/nodemon/-/nodemon-$version.tgz
+tar -zxf nodemon-$version.tgz
+cd package
+npm install --production && rm -rf Dockerfile && cd .. && tar -zcf nodemon-v$version-bundled.tar.gz package
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (nodemon-v3.0.1-bundled.tar.gz) = 06d02ed86ee940542c205587510a620da35bdebc765840bed84df3a2576ffb59dc96aea734a9e86caf3ce6540aa3476bf559e06fea18761fca1d1c20defc5b3c
				`@ -1 +0,0 @@`
				`a515df94af26b438ffbf4d914259f16a03cc7c15 SOURCES/nodemon-v2.0.3-bundled.tar.gz`
				`@ -0,0 +1 @@`
				`SHA512 (nodemon-v3.0.1-bundled.tar.gz) = 06d02ed86ee940542c205587510a620da35bdebc765840bed84df3a2576ffb59dc96aea734a9e86caf3ce6540aa3476bf559e06fea18761fca1d1c20defc5b3c`