doc: add minutes 2023-01-05 #857

Merged
merged 1 commit into from
Jan 6, 2023
55 changes: 55 additions & 0 deletions meetings/2023-01-05.md
@@ -0,0 +1,55 @@
# Node.js Security WorkGroup Meeting 2023-01-05

## Links

* **Recording**: http://www.youtube.com/watch?v=5qxzF0v-nPc
* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/855

## Present

* GENTILHOMME Thomas: @fraxken
* Ulises Gascon: @ulisesGascon
* Michael Dawson: @mhdawson
* Rafael Gonzaga: @rafaelgss
* Joe Sepi: @joesepi

## Agenda

## Announcements

*Extracted from **security-wg-agenda** labeled issues and pull requests from the **nodejs org** prior to the meeting.

- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues

### nodejs/security-wg

* Abort when vulnerable flag [#852](https://github.com/nodejs/security-wg/issues/852)
* @rafaelgss will create a module as a first step that will do the check, could be used with npx

* Add OSSF Scorecard [#851](https://github.com/nodejs/security-wg/issues/851)
* Will defer to next meeting and make sure we give Gabriela a heads up on the meeting time

* Permission Model [#791](https://github.com/nodejs/security-wg/issues/791)
* Rafael made a good progress
* He’s waiting access to a windows machine to fix a test bug
* There are some discussions but no objections, so the feature will be soon approved/merged

* Node.js Security WG Initiatives 2023 [#846](https://github.com/nodejs/security-wg/issues/846)
* Rafael will open an issue on OpenSSL project to see how doable is to get early security patches.
* All the updates were commented in the issue
* TL;DR: We have defined the 2023 initiatives

* Automate updates of all dependencies [#828](https://github.com/nodejs/security-wg/issues/828)


### nodejs/nodejs-dependency-vuln-assessments

* Recursive support on Node.js dependencies [#89](https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/89)

## Q&A, Other

## Upcoming Meetings

* **Node.js Project Calendar**: <https://nodejs.org/calendar>

Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
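
Review bot: `## Agenda` is left empty and `## Announcements` follows it directly, so the "Extracted from **security-wg-agenda** labeled issues" line and every agenda item below it end up filed under Announcements; swap the two headings or move the items under Agenda. That same line opens emphasis with `*Extracted` and never closes it, so add the trailing `*` after "prior to the meeting." The Recording link uses `http://` while every other link in the file uses `https://`. The entries for #828 and #89 record no outcome; a short "not discussed" or a one-line status would make the minutes usable for follow-up. Minor wording: "made a good progress" and "waiting access to a windows machine" should read "made good progress" and "waiting for access to a Windows machine".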