From 475f93b7344a56d5524718e94a0fd1a5143bea3d Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Thu, 27 Feb 2025 14:15:51 -0300 Subject: [PATCH] doc: add 2025-02-27 minutes --- meetings/2025-02-27.md | 52 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 meetings/2025-02-27.md diff --git a/meetings/2025-02-27.md b/meetings/2025-02-27.md new file mode 100644 index 00000000..962877fd --- /dev/null +++ b/meetings/2025-02-27.md @@ -0,0 +1,52 @@ +# Node.js Security team Meeting 2025-02-27 + +## Links + +* **Recording**: https://www.youtube.com/watch?v=lhTDze989ms&ab_channel=node.js +* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1441 +* **Minutes Google Doc**: https://docs.google.com/document/d/1iONVF6UNlberUFWhoNw-i6BvteXmX1sWs2ng7wc20WQ/edit?tab=t.0 + +## Present + +* Security wg team: @nodejs/security-wg +* Rafael Gonzaga: @RafaelGSS +* Thomas GENTILHOMME: @fraxken +* Robert W +* Hida W + +## Agenda + +## Announcements + +*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting. + +- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues +- [X] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+ +Skipping + +### nodejs/node + +* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364) + +### nodejs/security-wg + +* OpenJS Security Compliance Checker #1440 + * Skipped to the next meeting. (Waiting for more security-team participants) + +* Node.js maintainers: Threat Model #1333 + * Rafael will make a PR to sync it with nodejs/security-wg + +* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037) + * Skipped as Michael didn’t join + +* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860) + * Rafael changelog fix and will create a PR for branch-diff to fix the changelog generation for security releases + +## Q&A, Other + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. +