Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=2155600,2155730

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

In the examples directory in the -doc subpackage, I find:

- examples/server/javascript/package.json and examples/client/javascript/package.json have:

  "smoothie": "1.19.0"

- examples/server/asgi/latency.html, examples/server/tornado/templates/latency.html, examples/server/wsgi/templates/latency.html, examples/server/sanic/latency.html, and examples/server/aiohttp/latency.html have:

  <script src="//cdnjs.cloudflare.com/ajax/libs/smoothie/1.27.0/smoothie.js"></script>

- examples/server/javascript/latency_public/index.html has:

  <script src="https://cdnjs.cloudflare.com/ajax/libs/smoothie/1.2.0/smoothie.js"></script>

Nowhere in the package is the smoothie JS library bundled, and none of the references to it match the versions named in bug 2155600 (“from 1.31.0 and before 1.36.1”).

I am tempted to remove the examples from the -doc subpackage because this is not the first bogus/nuisance bug that has been filed about them (e.g. bug 2147340), but I feel like they really are a useful addition to the documentation. For now I’m going to cross my fingers and hope this doesn’t keep happening.