Facundo Tuesca

Results 66 comments of Facundo Tuesca

As a possible reference, [this](https://github.com/osquery/osquery/blob/master/ASSURANCE.md) is how `osquery` documents their threat model, along with its considerations for security and the design decisions taken in consequence.

@lirantal > How would you know what are false positives to put in the ignore list? (referring to step 5 in your outlined strategy). It really is a judgement call...

@lirantal @UlisesGascon > Checking that in CI means what exactly though...? it seems out of context because as a team I may have 5 microservices I'm building, all of which...

In short, the use case of the script would be:
- A new vulnerability is found in a dependency of Node.js, such as [brotli](https://github.com/nodejs/node/tree/master/deps/brotli)
- During a scheduled CI run...

PR with the script is open for review [here](https://github.com/nodejs-private/node-private/pull/321)

@mhdawson I'll start working on this (looking at all dependencies and seeing which ones we could update with a script). Should we change the title of the issue to match...

@mhdawson The following dependencies are already updated automatically via a GitHub action:
- corepack ([action](https://github.com/nodejs/node/blob/main/.github/workflows/tools.yml#L31-L36) and [Makefile target](https://github.com/nodejs/node/blob/main/Makefile#L1145-L1154))
- eslint ([action](https://github.com/nodejs/node/blob/main/.github/workflows/tools.yml#L20-L30) and [script](https://github.com/nodejs/node/blob/main/tools/update-eslint.sh))
- undici ([action](https://github.com/nodejs/node/blob/main/.github/workflows/tools.yml#L71-L80) and [script](https://github.com/nodejs/node/blob/main/tools/update-undici.sh))

The following...

So far we have added:
- acorn: https://github.com/nodejs/node/pull/45357
- base64: https://github.com/nodejs/node/pull/45300
- libuv: https://github.com/nodejs/node/pull/45362

Currently on review:
- OpenSSL: https://github.com/nodejs/node/pull/45605

cc @RafaelGSS

Given that PKCS#7 has been deprecated and removed from PyOpenSSL, and that an alternative for using this API is available in `cryptography`, I think this one could be closed cc...

Given that the requested bindings are for a feature that is effectively legacy, and no new comments have been added since Apr 2022, I suggest we close this one. cc...