From 00f407363bb7b44a3a339c1ae3ce4fffcf42d1be Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Sat, 1 Feb 2025 18:55:21 -0300 Subject: [PATCH] doc: add 2025-01-30 minutes --- meetings/2025-01-30.md | 52 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 meetings/2025-01-30.md diff --git a/meetings/2025-01-30.md b/meetings/2025-01-30.md new file mode 100644 index 00000000..348187ae --- /dev/null +++ b/meetings/2025-01-30.md @@ -0,0 +1,52 @@ +# Node.js Security team Meeting 2025-01-30 + +## Links + +* **Recording**: https://www.youtube.com/watch?v=iEgHs7V6BvU +* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1431 +* **Minutes Google Doc**: https://docs.google.com/document/d/10qmMTdpDWZDf04mNObBWQTKK_xlZa2zify7x6CiVsO4/edit?tab=t.0 + +## Present + +* Rafael Gonzaga: @RafaelGSS +* Michael Dawson: @mhdawson +* Thomas GENTILHOMME: @fraxken +* Robert W + +## Agenda + +## Announcements + +*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting. + +- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues + * Nothing new this week + +- [X] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+ + * No update this week + +### nodejs/node + +* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364) + * Remaining feedback has been addressed on the PR + * Discussion on how to move forward. + +### nodejs/security-wg + +* Node.js maintainers: Threat Model [#1333](https://github.com/nodejs/security-wg/issues/1333) + * Rafael will sync the progress from this meeting with Github once other PRs gets landed + +* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037) + * Michael, next step is looking at updaters for amaro and cjs-module-lexer + +* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860) + * Excellent progress since Dec 24. A blog post is being created to share with OpenJS Foundation (part of OpenSSF) + +## Q&A, Other + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. +