Skip to content

Commit

Permalink
doc: add 2024-09-12 meeting notes (#1380)
Browse files Browse the repository at this point in the history
* doc: add 2024-09-12 meeting notes

* Update meetings/2024-09-12.md

Co-authored-by: Ulises Gascón <[email protected]>

---------

Co-authored-by: Ulises Gascón <[email protected]>
  • Loading branch information
RafaelGSS and UlisesGascon authored Sep 25, 2024
1 parent dbc0cd0 commit 9b38e9f
Showing 1 changed file with 61 additions and 0 deletions.
61 changes: 61 additions & 0 deletions meetings/2024-09-12.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Node.js Security team Meeting 2024-09-12

## Links

* **Recording**: https://www.youtube.com/watch?v=9xrNEZPBFD0
* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1375
* **Minutes Google Doc**: https://docs.google.com/document/d/1eGBJFVcCE6pfRoWoBRjIgwehPl0SzxiNG70YiYeJw68/edit

## Present

* Security wg team: @nodejs/security-wg
* Thomas GENTILHOMME: @fraxken
* Marco Ippolito: @marco-ippolito
* Rafael Gonzaga: @RafaelGSS
* Michael Dawson: @mhdawson
* Ulises Gascón: @UlisesGascon

## Agenda

## Announcements

*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.

* Express v5 came with security fixes to body-parser plugin
* Node.js vulnerability database now includes a severity field
* https://github.com/nodejs/nodejs-cve-checker - Rafael will double check if the scheduled CVE were now published

- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
- V8 backport to Node.js v18 is unlikely to happen as there’s a risk to break users in general
- [X] OpenSSF Scorecard Monitor Review
- No action is needed from our side. PR: https://github.com/nodejs/security-wg/pull/1378

### nodejs/node

* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364)
* no action this week

### nodejs/security-wg

* Node.js maintainers: Threat Model [#1333](https://github.com/nodejs/security-wg/issues/1333)
* Team effort to fill all fields of access-per-group
* Rafael will open a PR to TSC to ask for feedback
* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
* no action this week

* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
* no action this week
* https://github.com/nodejs/node-core-utils/pull/835 this PR automates promotion step


## Q&A, Other
@Ulises: Let’s review https://github.com/nodejs/nodejs.org/pull/6979 (alternative: https://github.com/nodejs/nodejs.org/pull/7034)



## Upcoming Meetings

* **Node.js Project Calendar**: <https://nodejs.org/calendar>

Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.

0 comments on commit 9b38e9f

Please sign in to comment.