diff --git a/meetings/2023-01-05.md b/meetings/2023-01-05.md new file mode 100644 index 000000000..5e3ea6f4f --- /dev/null +++ b/meetings/2023-01-05.md 
@@ -0,0 +1,55 @@ +# Node.js Security WorkGroup Meeting 2023-01-05 + +## Links + +* **Recording**: http://www.youtube.com/watch?v=5qxzF0v-nPc +* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/855 + +## Present + +* GENTILHOMME Thomas: @fraxken +* Ulises Gascon: @ulisesGascon +* Michael Dawson: @mhdawson +* Rafael Gonzaga: @rafaelgss +* Joe Sepi: @joesepiw + +## Agenda + +## Announcements + +*Extracted from **security-wg-agenda** labeled issues and pull requests from the **nodejs org** prior to the meeting. + +- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues + +### nodejs/security-wg + +* Abort when vulnerable flag [#852](https://github.com/nodejs/security-wg/issues/852) + * @rafaelgss will create a module as a first step that will do the check, could be used with npx + +* Add OSSF Scorecard [#851](https://github.com/nodejs/security-wg/issues/851) + * Will defer to next meeting and make sure we give Gabriela a heads up on the meeting time + +* Permission Model [#791](https://github.com/nodejs/security-wg/issues/791) + * Rafael made a good progress + * He’s waiting access to a windows machine to fix a test bug + * There are some discussions but no objections, so the feature will be soon approved/merged + +* Node.js Security WG Initiatives 2023 [#846](https://github.com/nodejs/security-wg/issues/846) + * Rafael will open an issue on OpenSSL project to see how doable is to get early security patches. 
+ * All the updates were commented in the issue + * TL;DR: We have defined the 2023 initiatives + +* Automate updates of all dependencies [#828](https://github.com/nodejs/security-wg/issues/828) + + +### nodejs/nodejs-dependency-vuln-assessments + +* Recursive support on Node.js dependencies [#89](https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/89) + +## Q&A, Other + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
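Review bot: In the "Upcoming Meetings" section at the end of the new file, `**Node.js Project Calendar**:` has nothing after the colon, so the following instruction to click `+GoogleCalendar` has no target; add the calendar URL there. Under "## Announcements", the line `*Extracted from **security-wg-agenda** labeled issues ...` opens with a single `*` that is never closed, which will render as a stray asterisk or unbalanced emphasis; close it or drop it. That line also describes agenda items, yet "## Agenda" is left empty above it, so consider moving it and the checklist under "## Agenda". The recording link uses `http://www.youtube.com/...` while every other link in the file is `https://`; switch it to `https://` for consistency. In "## Present", please confirm the handle `@joesepiw` for Joe Sepi, since the trailing `w` may be a typo. Finally, the entries for #828 and #89 carry no notes; if they were not discussed, a short "not discussed" or "deferred" bullet would make that explicit, as was done for #851.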