From af23d8aab08d8013f4f56f2850e7a5f7469c1c0b Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 25 Oct 2023 15:39:56 -0400 Subject: [PATCH 1/6] doc: add minutes for meeting 18 Dec 2023 Signed-off-by: Michael Dawson --- meetings/2023-10-18.md | 81 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 meetings/2023-10-18.md diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md new file mode 100644 index 00000000..d8ee95c5 --- /dev/null +++ b/meetings/2023-10-18.md @@ -0,0 +1,81 @@ +# Node.js Technical Steering Committee (TSC) Meeting 2023-10-18 + +## Links + +* **Recording**: +* **GitHub Issue**: + +## Present + +* Yagiz Nizipli @anonrig (voting member) +* Chengzhong Wu @legendecas (voting member) +* Matteo Collina @mcollina (voting member) +* Michael Dawson @mhdawson (voting member) +* Darshan Sen @RaisinTen (voting member) +* Richard Lau @richardlau (voting member) +* Robert Nagy @ronag (voting member) +* Amir Montazery - Guest from OSTIF to talk about security audit + +## Agenda + +### Announcements + +* Node.js v21 came out!!! +* Node.js 20 promoted to LTS next week + +### CPC and Board Meeting Updates + +*Extracted from **tsc-agenda** labeled issues and pull requests from the **nodejs org** prior to the meeting.* + +* Travel fund out of money, asking 10k to the Board. + +### nodejs/node + +* discuss: a periodic event for looking into CI reliability issues [#49939](https://github.com/nodejs/node/issues/49939) + * on agenda for FYI - want as many people as possible to attend/participate + * no concerns with doing an at mention to all collaborators + * Matteo - should this be a strategic initiative? + +* deps,doc,lib,src,test: add experimental web storage [#50169](https://github.com/nodejs/node/pull/50169) + * skipped as we ran out of time + +* Revert "doc: promote fetch/webstreams from experimental to stable" [#49867](https://github.com/nodejs/node/pull/49867) + * skipped as we ran out of time + +* tools: add package-lock when installing npm dependency [#49747](https://github.com/nodejs/node/pull/49747) + * skipped as we ran out of time + +* The env var `NODE_V8_COVERAGE` intermittently causes the test runner to hang [#49344](https://github.com/nodejs/node/issues/49344) + * skipped as we ran out of time + +### nodejs/TSC + +* Amir From OSTIF: Discuss Node.js Security Audit [#1454](https://github.com/nodejs/TSC/issues/1454) + * Guides and supporting documentation - +*OSTIF provides security audits to CNCF, nvm and Fastify +*OSTIF recommends a Node.js Security Audit +*The team at OSTIF is keen in helping the implementing security fixes too. +*Micheal says we need to fund people from the project to implement the fixes +*Micheal: trying to complete in the next 2 months is going to be very hard. +*Ostif: usually they follow after 90 days, but possible an exception +*Matteo: a flurry of vulnerabilities will overwhelm the maintainers +*Micheal: volunteers burn out +*Matteo: there are always vulnerabilities ready to go out +*Matteo: verify if Rafael could take point +*Catch up in two weeks. + +### nodejs/admin + +* Create `nodejs/socket` repository for Node.js implementation of Cloudflare's Socket API [#826](https://github.com/nodejs/admin/issues/826) + +## Strategic Initiatives + +* Next10 - Michael Nothing new to report this week +* Shadow Realm - Chengzhong - nothing to report this week +* Single Executable - Darshan - no updates + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. From 309bf5a683b66db3494300d4dc7f12981afcd524 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 25 Oct 2023 15:45:45 -0400 Subject: [PATCH 2/6] make linter happy --- meetings/2023-10-18.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md index d8ee95c5..155de164 100644 --- a/meetings/2023-10-18.md +++ b/meetings/2023-10-18.md @@ -37,16 +37,16 @@ * Matteo - should this be a strategic initiative? * deps,doc,lib,src,test: add experimental web storage [#50169](https://github.com/nodejs/node/pull/50169) - * skipped as we ran out of time + * skipped as we ran out of time * Revert "doc: promote fetch/webstreams from experimental to stable" [#49867](https://github.com/nodejs/node/pull/49867) - * skipped as we ran out of time + * skipped as we ran out of time * tools: add package-lock when installing npm dependency [#49747](https://github.com/nodejs/node/pull/49747) - * skipped as we ran out of time + * skipped as we ran out of time * The env var `NODE_V8_COVERAGE` intermittently causes the test runner to hang [#49344](https://github.com/nodejs/node/issues/49344) - * skipped as we ran out of time + * skipped as we ran out of time ### nodejs/TSC From 58198688823dcb929e5297afdc2ca0f5f9dd5195 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 26 Oct 2023 21:10:15 +0200 Subject: [PATCH 3/6] Update meetings/2023-10-18.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ulises Gascón --- meetings/2023-10-18.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md index 155de164..d35e20db 100644 --- a/meetings/2023-10-18.md +++ b/meetings/2023-10-18.md @@ -52,17 +52,17 @@ * Amir From OSTIF: Discuss Node.js Security Audit [#1454](https://github.com/nodejs/TSC/issues/1454) * Guides and supporting documentation - -*OSTIF provides security audits to CNCF, nvm and Fastify -*OSTIF recommends a Node.js Security Audit -*The team at OSTIF is keen in helping the implementing security fixes too. -*Micheal says we need to fund people from the project to implement the fixes -*Micheal: trying to complete in the next 2 months is going to be very hard. -*Ostif: usually they follow after 90 days, but possible an exception -*Matteo: a flurry of vulnerabilities will overwhelm the maintainers -*Micheal: volunteers burn out -*Matteo: there are always vulnerabilities ready to go out -*Matteo: verify if Rafael could take point -*Catch up in two weeks. + *OSTIF provides security audits to CNCF, nvm and Fastify + *OSTIF recommends a Node.js Security Audit + *The team at OSTIF is keen in helping the implementing security fixes too. + *Micheal says we need to fund people from the project to implement the fixes + *Micheal: trying to complete in the next 2 months is going to be very hard. + *Ostif: usually they follow after 90 days, but possible an exception + *Matteo: a flurry of vulnerabilities will overwhelm the maintainers + *Micheal: volunteers burn out + *Matteo: there are always vulnerabilities ready to go out + *Matteo: verify if Rafael could take point + *Catch up in two weeks. ### nodejs/admin From 1555133da53385f28ededf86940b08165e3c53fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 26 Oct 2023 21:11:06 +0200 Subject: [PATCH 4/6] Update meetings/2023-10-18.md --- meetings/2023-10-18.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md index d35e20db..ce63cd8a 100644 --- a/meetings/2023-10-18.md +++ b/meetings/2023-10-18.md @@ -52,17 +52,17 @@ * Amir From OSTIF: Discuss Node.js Security Audit [#1454](https://github.com/nodejs/TSC/issues/1454) * Guides and supporting documentation - - *OSTIF provides security audits to CNCF, nvm and Fastify - *OSTIF recommends a Node.js Security Audit - *The team at OSTIF is keen in helping the implementing security fixes too. - *Micheal says we need to fund people from the project to implement the fixes - *Micheal: trying to complete in the next 2 months is going to be very hard. - *Ostif: usually they follow after 90 days, but possible an exception - *Matteo: a flurry of vulnerabilities will overwhelm the maintainers - *Micheal: volunteers burn out - *Matteo: there are always vulnerabilities ready to go out - *Matteo: verify if Rafael could take point - *Catch up in two weeks. + * OSTIF provides security audits to CNCF, nvm and Fastify + * OSTIF recommends a Node.js Security Audit + * The team at OSTIF is keen in helping the implementing security fixes too. + * Micheal says we need to fund people from the project to implement the fixes + * Micheal: trying to complete in the next 2 months is going to be very hard. + * Ostif: usually they follow after 90 days, but possible an exception + * Matteo: a flurry of vulnerabilities will overwhelm the maintainers + * Micheal: volunteers burn out + * Matteo: there are always vulnerabilities ready to go out + * Matteo: verify if Rafael could take point + * Catch up in two weeks. ### nodejs/admin From b0dc04022f0b280588af3ba07b5454a49e68ffc9 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Fri, 17 Nov 2023 08:50:52 -0500 Subject: [PATCH 5/6] add video link --- meetings/2023-10-18.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md index ce63cd8a..9d30d816 100644 --- a/meetings/2023-10-18.md +++ b/meetings/2023-10-18.md @@ -2,7 +2,7 @@ ## Links -* **Recording**: +* **Recording**: https://youtube.com/live/dYEq-RB1tME * **GitHub Issue**: ## Present From 01736149c014b12bb8e252b0aadbc637dba57e94 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Fri, 17 Nov 2023 08:53:07 -0500 Subject: [PATCH 6/6] Update 2023-10-18.md --- meetings/2023-10-18.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meetings/2023-10-18.md b/meetings/2023-10-18.md index 9d30d816..1976e266 100644 --- a/meetings/2023-10-18.md +++ b/meetings/2023-10-18.md @@ -2,7 +2,7 @@ ## Links -* **Recording**: https://youtube.com/live/dYEq-RB1tME +* **Recording**: * **GitHub Issue**: ## Present