diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md new file mode 100644 index 00000000..1976e266 --- /dev/null +++ b/meetings/2023-10-18.md @@ -0,0 +1,81 @@ +# Node.js Technical Steering Committee (TSC) Meeting 2023-10-18 + +## Links + +* **Recording**: +* **GitHub Issue**: + +## Present + +* Yagiz Nizipli @anonrig (voting member) +* Chengzhong Wu @legendecas (voting member) +* Matteo Collina @mcollina (voting member) +* Michael Dawson @mhdawson (voting member) +* Darshan Sen @RaisinTen (voting member) +* Richard Lau @richardlau (voting member) +* Robert Nagy @ronag (voting member) +* Amir Montazery - Guest from OSTIF to talk about security audit + +## Agenda + +### Announcements + +* Node.js v21 came out!!! +* Node.js 20 promoted to LTS next week + +### CPC and Board Meeting Updates + +*Extracted from **tsc-agenda** labeled issues and pull requests from the **nodejs org** prior to the meeting.* + +* Travel fund out of money, asking 10k to the Board. + +### nodejs/node + +* discuss: a periodic event for looking into CI reliability issues [#49939](https://github.com/nodejs/node/issues/49939) + * on agenda for FYI - want as many people as possible to attend/participate + * no concerns with doing an at mention to all collaborators + * Matteo - should this be a strategic initiative? + +* deps,doc,lib,src,test: add experimental web storage [#50169](https://github.com/nodejs/node/pull/50169) + * skipped as we ran out of time + +* Revert "doc: promote fetch/webstreams from experimental to stable" [#49867](https://github.com/nodejs/node/pull/49867) + * skipped as we ran out of time + +* tools: add package-lock when installing npm dependency [#49747](https://github.com/nodejs/node/pull/49747) + * skipped as we ran out of time + +* The env var `NODE_V8_COVERAGE` intermittently causes the test runner to hang [#49344](https://github.com/nodejs/node/issues/49344) + * skipped as we ran out of time + +### nodejs/TSC + +* Amir From OSTIF: Discuss Node.js Security Audit [#1454](https://github.com/nodejs/TSC/issues/1454) + * Guides and supporting documentation - + * OSTIF provides security audits to CNCF, nvm and Fastify + * OSTIF recommends a Node.js Security Audit + * The team at OSTIF is keen in helping the implementing security fixes too. + * Micheal says we need to fund people from the project to implement the fixes + * Micheal: trying to complete in the next 2 months is going to be very hard. + * Ostif: usually they follow after 90 days, but possible an exception + * Matteo: a flurry of vulnerabilities will overwhelm the maintainers + * Micheal: volunteers burn out + * Matteo: there are always vulnerabilities ready to go out + * Matteo: verify if Rafael could take point + * Catch up in two weeks. + +### nodejs/admin + +* Create `nodejs/socket` repository for Node.js implementation of Cloudflare's Socket API [#826](https://github.com/nodejs/admin/issues/826) + +## Strategic Initiatives + +* Next10 - Michael Nothing new to report this week +* Shadow Realm - Chengzhong - nothing to report this week +* Single Executable - Darshan - no updates + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.