feat: security post release blogpost

Open marco-ippolito opened this issue 1 year ago • 3 comments

Post release blogpost cc @RafaelGSS

marco-ippolito avatar Mar 22 '24 12:03 marco-ippolito

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 82.97%. Comparing base (e3e19b3) to head (0db4650). Report is 5 commits behind head on main.

:exclamation: Current head 0db4650 differs from pull request most recent head 0c11384

Please upload reports for the commit 0c11384 to get more accurate results.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #785      +/-   ##
==========================================
- Coverage   83.08%   82.97%   -0.12%     
==========================================
  Files          37       37              
  Lines        4251     4200      -51     
==========================================
- Hits         3532     3485      -47     
+ Misses        719      715       -4     


codecov[bot] avatar Mar 22 '24 12:03 codecov[bot]

Once this lands: https://github.com/nodejs/node-core-utils/pull/788 we can automatically pull in dependencies and OpenSSL updates

marco-ippolito avatar Mar 26 '24 16:03 marco-ippolito

Blocked by: https://github.com/nodejs/node-core-utils/pull/788 . I will have to update the workflow once this lands.

marco-ippolito avatar Mar 27 '24 07:03 marco-ippolito

This is a minor inconsistency note, but we used to add (Update <date>) to the blog posts as they were updated, e.g.

  • https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
  • https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

but didn't in the two most recent releases:

  • https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
  • https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2

richardlau avatar Apr 19 '24 16:04 richardlau

Update

I thought that's for when the security release is delayed

marco-ippolito avatar Apr 19 '24 16:04 marco-ippolito

Check lint please

Lint seems to pass locally. What command are you running?

marco-ippolito avatar Apr 19 '24 16:04 marco-ippolito

Update

I thought that's for when the security release is delayed

I thought we also did that to denote the update from the pre-announcement.

richardlau avatar Apr 19 '24 16:04 richardlau

Check lint please

Lint seems to pass locally. What command are you running?

IIRC we are using * instead of - for listing vulnerabilities (or the inverse :sweat_smile:) and the linter of nodejs.org complains. Try to create a real example with vulnerabilities and run lint

RafaelGSS avatar Apr 19 '24 18:04 RafaelGSS

@marco-ippolito do you need some help here?

RafaelGSS avatar Jun 14 '24 13:06 RafaelGSS

@marco-ippolito do you need some help here?

Feel free to take over

marco-ippolito avatar Jun 14 '24 13:06 marco-ippolito

Also this PR should fix https://github.com/nodejs-private/security-release/issues/27

marco-ippolito avatar Jun 14 '24 13:06 marco-ippolito