Skip to content

[pull] main from nodejs:main #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 287 commits into
base: main
Choose a base branch
from
Open

[pull] main from nodejs:main #45

wants to merge 287 commits into from
+12,476 −8,736

Conversation

pull[bot]
Copy link

@pull pull bot commented Feb 22, 2023
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.2)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added ⤵️ pull merge-conflict Resolve conflicts manually labels Feb 22, 2023
UlisesGascon and others added 28 commits April 1, 2023 19:47
@UlisesGascon
Updated Scorecard Report (#939)
62f3ebb 
Co-authored-by: github-actions <[email protected]>
@UlisesGascon @RafaelGSS
@tniessen @mhdawson
docs: added meeting notes for 2023-03-30 (#941)
7b66370 
* docs: added meeting notes for 2023-03-30

Related #932

* Apply suggestions from code review

Co-authored-by: Tobias Nießen <[email protected]>
Co-authored-by: Michael Dawson <[email protected]>

---------

Co-authored-by: Rafael Gonzaga <[email protected]>
Co-authored-by: Tobias Nießen <[email protected]>
Co-authored-by: Michael Dawson <[email protected]>
@dependabot
build(deps): bump step-security/harden-runner from 2.2.1 to 2.3.0 (#943)
d19216b 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@1f99358...03bee39)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump github/codeql-action from 2.2.7 to 2.2.11 (#944)
9c67562 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2.2.7...d186a2a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump axios from 0.21.4 to 1.3.5 (#947)
2618272 
Bumps [axios](https://github.com/axios/axios) from 0.21.4 to 1.3.5.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.21.4...v1.3.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump actions/checkout from 3.5.0 to 3.5.1 (#948)
b6ec921 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8f4b7f8...83b7061)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@UlisesGascon
Update Scorecard reporting (manually) (#946)
ff70c2f 
* Updated Scorecard Report

* Updated Scorecard Report

* Updated Scorecard Report

---------

Co-authored-by: github-actions <[email protected]>
@dependabot
build(deps): bump github/codeql-action from 2.2.11 to 2.2.12 (#951)
9ec13e1 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@d186a2a...7df0ce3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (#950)
6e3ea19 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@83b7061...8e5e7e5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@RafaelGSS @UlisesGascon
doc: add meeting minutes 2023-04-13 (#949)
361b8bf 
* doc: add meeting minutes 2023-04-13

* Update meetings/2023-04-13.md

Co-authored-by: Ulises Gascón <[email protected]>

---------

Co-authored-by: Ulises Gascón <[email protected]>
@UlisesGascon
fix: removed CRON scorecard reporting CRON job (#952)
8a98cd3 
Related to:
- #908
- #949
@dependabot
build(deps): bump semver from 7.3.8 to 7.5.0 (#957)
a3c0271 
Bumps [semver](https://github.com/npm/node-semver) from 7.3.8 to 7.5.0.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.8...v7.5.0)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump step-security/harden-runner from 2.3.0 to 2.3.1 (#958)
99b30c0 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@03bee39...6b3083a)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump github/codeql-action from 2.2.12 to 2.3.0 (#959)
a97bce9 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@7df0ce3...b2c19fb)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@UlisesGascon
chore: bump openssf-scorecard-monitor to v2.0.0-beta4 (#960)
4f6d946 
See: 
- https://github.com/UlisesGascon/openssf-scorecard-monitor/releases/tag/v2.0.0-beta4
- https://github.com/UlisesGascon/openssf-scorecard-monitor/releases/tag/v2.0.0-beta3
@dependabot
build(deps): bump axios from 1.3.5 to 1.3.6 (#964)
436ca24 
Bumps [axios](https://github.com/axios/axios) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump github/codeql-action from 2.3.0 to 2.3.1 (#966)
b0765db 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b2c19fb...8662eab)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@UlisesGascon
Updated Scorecard Report (#965)
648c6a4 
Co-authored-by: github-actions <[email protected]>
@dependabot
build(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (#967)
5ceb2a0 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8662eab...f3feb00)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@KoolTheba
chore: upgraded OpenSSF scorecard monitor version (#968)
6d54935 
Context:
- ossf/scorecard-visualizer#34
@UlisesGascon @RafaelGSS
doc: add meeting minutes 2023-04-13 (#969)
9454a25 
Related: #961
-----------

Co-authored-by: RafaelGSS <[email protected]>
@dependabot
build(deps): bump axios from 1.3.6 to 1.4.0 (#971)
0fe1b71 
Bumps [axios](https://github.com/axios/axios) from 1.3.6 to 1.4.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.3.6...v1.4.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump yargs from 17.7.1 to 17.7.2 (#970)
8aebbdd 
Bumps [yargs](https://github.com/yargs/yargs) from 17.7.1 to 17.7.2.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs@v17.7.1...v17.7.2)

---
updated-dependencies:
- dependency-name: yargs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#974)
bdf5cd4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f3feb00...29b1f65)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump step-security/harden-runner from 2.3.1 to 2.4.0 (#975)
b9075e4 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@6b3083a...128a634)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@DanielRuf
docs: Remove mentions of the triage team (#979)
d77dea3
@RafaelGSS
doc: update current initiative champion and link (#976)
b3757f5
@UlisesGascon
Updated Scorecard Report (#981)
e088189 
Co-authored-by: github-actions <[email protected]>
RafaelGSS and others added 30 commits January 21, 2025 16:05
@RafaelGSS
vuln: add latest security release (#1428)
ef64a63 
Refs: nodejs-private/security-release#41
@github-actions @RafaelGSS
update core index.json (#1429)
60363ee 
* vuln: update core index.json

* vuln: update core index.json

* vuln: update core index.json

* vuln: update core index.json

---------

Co-authored-by: Create or Update Pull Request Action <[email protected]>
Co-authored-by: Rafael Gonzaga <[email protected]>
@RafaelGSS
doc: add docker-team as resource (#1426)
b6ac043 
* doc: add docker-team as resource

* Update MAINTAINERS_THREAT_MODEL.md

* fixup! Update MAINTAINERS_THREAT_MODEL.md

* fixup! fixup! Update MAINTAINERS_THREAT_MODEL.md
@RafaelGSS @mhdawson
@anonrig @sxa @UlisesGascon @richardlau
doc: add binary generation threat (#1433)
58c5dbd 
* doc: add binary generation threat

* doc: add malicious docker images threat

* Update MAINTAINERS_THREAT_MODEL.md

Co-authored-by: Yagiz Nizipli <[email protected]>

* Apply suggestions from code review

Co-authored-by: Stewart X Addison <[email protected]>
Co-authored-by: Ulises Gascón <[email protected]>

* Apply suggestions from code review

Co-authored-by: Richard Lau <[email protected]>

* fixup! node-core-utils to w

---------

Co-authored-by: Michael Dawson <[email protected]>
Co-authored-by: Yagiz Nizipli <[email protected]>
Co-authored-by: Stewart X Addison <[email protected]>
Co-authored-by: Ulises Gascón <[email protected]>
Co-authored-by: Richard Lau <[email protected]>
@RafaelGSS
doc: add 2025-01-30 minutes (#1434)
e5c1583
@RafaelGSS
doc: add nodejs.org to resource list (#1435)
ca4d437
@nodejs-github-bot
Sync security vulnerabilities (#1437)
b89b725
@github-actions @RafaelGSS
update core index.json (#1438)
75c78bb 
Co-authored-by: Rafael Gonzaga <[email protected]>
@richardlau
doc: update security team access to Jenkins CI (#1439)
0a87d05 
During a CI embargo, security triagers and external still have access to the test CI.
@RafaelGSS
doc: add 2025-02-27 minutes (#1442)
426bc95
@github-actions
docs: OpenSSF Scorecard Report Updated (#1450)
469e793 
Co-authored-by: Create or Update Pull Request Action <[email protected]>
@UlisesGascon
chore: ignore remark-preset-lint-node from the OSSF Scoring reports (
75c2400 
…#1451)
@RafaelGSS
doc: add 2025-03-13 meeting notes (#1452)
dcd03ee
@RafaelGSS
doc: add Slack and Calendar to list of resources (#1454)
181a0d7 
* doc: add Slack as resource to maintainers threat model

As discussed in the Security team meeting, we should also include
slack to the list of resources

* doc: add Calendar as resource to maintainers threat model

As discussed in the Security team meeting
@UlisesGascon
feat: add pkgjs to the ossf scorecard monitor (#1457)
72325d0 
related #1456
@UlisesGascon
Revert "feat: add pkgjs to the ossf scorecard monitor (#1457)" (#1464)
6247876 
This reverts commit 72325d0.
@RafaelGSS
doc: add impairing ability to the project day 2 day (#1461)
8168845
@RafaelGSS
doc: add 2025-03-27 meeting minutes (#1467)
d7f42be
@bjohansebas
ci: fix stale workflow 'never stale' to 'never-stale' (#1468)
f7b6791
@Fdawgs
ci(codeql): add 'actions' to language matrix; update actions to v3 (#…
727e070 
…1462)

* ci(codeql): add actions to language matrix

* ci(codeql): bump codeql to v3
@Fdawgs
perf: use node: prefix to bypass require.cache call for builtins (#…
f95d494 
…1470)
@Fdawgs
ci: remove git credentials after checkout (#1472)
081635c
@github-actions
docs: OpenSSF Scorecard Report Updated (#1474)
1b56285 
Co-authored-by: Create or Update Pull Request Action <[email protected]>
@RafaelGSS
doc: add 2025-05-08 meeting minutes (#1476)
4561902
@RafaelGSS
Squashed commit of the following:
5d98a96 
commit d3fe76c
Author: RafaelGSS <[email protected]>
Date:   Wed May 14 19:04:29 2025 -0300

    chore: add latest security release
@github-actions
vuln: update core index.json (#1478)
c7e800a 
Co-authored-by: Create or Update Pull Request Action <[email protected]>
@nodejs-github-bot
Sync security vulnerabilities (#1485)
5b0422d
@github-actions @RafaelGSS
update core index.json (#1486)
cc80c07 
* vuln: update core index.json

* vuln: update core index.json

---------

Co-authored-by: Create or Update Pull Request Action <[email protected]>
Co-authored-by: Rafael Gonzaga <[email protected]>
@github-actions
docs: OpenSSF Scorecard Report Updated (#1489)
c3c6e17 
Co-authored-by: Create or Update Pull Request Action <[email protected]>
@RafaelGSS
doc: add 2025-06-05 meeting notes (#1490)
e1aca29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
⤵️ pull merge-conflict Resolve conflicts manually
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.