From 54e615d89bf2e056644e138e7e33714bfd1b67ee Mon Sep 17 00:00:00 2001 From: Ruy Adorno Date: Thu, 9 Feb 2023 15:16:22 -0500 Subject: [PATCH] doc: add minutes for meeting 2023-02-09 (#826) Co-authored-by: Richard Lau --- doc/meetings/2023-02-09.md | 55 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 doc/meetings/2023-02-09.md diff --git a/doc/meetings/2023-02-09.md b/doc/meetings/2023-02-09.md new file mode 100644 index 0000000..a82b891 --- /dev/null +++ b/doc/meetings/2023-02-09.md @@ -0,0 +1,55 @@ +# Node.js Release WorkGroup Meeting 2023-02-09 + +## Links + +* **Recording**: https://youtu.be/AARWf6wInDc +* **GitHub Issue**: https://github.com/nodejs/Release/issues/823 +* **Minutes Google Doc**: https://docs.google.com/document/d/1Sd4yneHzM_vjegIF6Sp7-HPUg_97CgHJ22n5kD661ro + +## Present + +* Rafael Gonzaga: (@RafaelGSS) +* Richard Lau (@richardlau) +* Juan Arboleda (@juanarbol) +* Ruy Adorno (@ruyadorno) +* Beth Griggs (@BethGriggs) +* Michaƫl Zasso (@targos) + +## Agenda + +## Announcements + +* Richard: Security releases coming up next week, ref: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ +* Rafael working on a node-core-utils command to automate security releases, ref: https://github.com/nodejs/node-core-utils/pull/665 + +### nodejs/Release + +* Confusion around semver-minor commits [#820](https://github.com/nodejs/Release/issues/820) + * Clarify that from the releasers point of view every semver-minor commit is picked up as a notable-change unless stated otherwise + * Beth proposed a new bot that would comment and ask for a write-up when the notable-change label is added to a PR +* Plans for npm 9 [#778](https://github.com/nodejs/Release/issues/778) + * Let's try to chat with the npm cli team to align on future updates +* Release plan - v19.x Current [#793](https://github.com/nodejs/Release/issues/793) + * Postponing the next v19.x release since a new Security Release is scheduled for next week +* Release plan - v18.x Active LTS [#737](https://github.com/nodejs/Release/issues/737) + * Juan signed up for a v18.x release later this month +* Release plan - v16.x Maintenance [#658](https://github.com/nodejs/Release/issues/658) + * Aim for a march release, there's already a Security Release coming out this month +* Release plan - v14.x Maintenance LTS [#567](https://github.com/nodejs/Release/issues/567) + * Aiming for a tentive last release in march before it goes EOL + +### nodejs/release-keys + +* v18 and v19 are signed by a public key not captured in this keyring [#21](https://github.com/nodejs/release-keys/issues/21) + +### nodejs/nodejs-dependency-vuln-assessments + +* CVE-2022-3517 (npm) found on v14.x (Manual) [#88](https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/88) + * The npm update that fixes these issues should be going out as part of the next week Security Release + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. +