doc: add additional guidance for PRs to deps #53499
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com>
|
Review requested:
|
This was referenced Jun 18, 2024
RafaelGSS
approved these changes
Jun 18, 2024
legendecas
approved these changes
Jun 18, 2024
marco-ippolito
approved these changes
Jun 18, 2024
RedYetiDev
reviewed
Jun 18, 2024
targos
approved these changes
Jun 18, 2024
aduh95
reviewed
Jun 19, 2024
Comment on lines
+147
to
+150
| PRs for manual dependency updates should only be accepted if | ||
| the update cannot be generated by the automated tooling, | ||
| the reason is clearly documented and either the PR is | ||
| reviewed in detail or it is from an existing collaborator. |
There was a problem hiding this comment.
Should we add a note about only accepting changes that have landed upstream, and "the TSC may grant exception on a case-by-case basis"? I think it's already more or less the policy we're currently organically following, so IMO it'd make sense explicitly state it out.
There was a problem hiding this comment.
@aduh95 that is a good idea.
There was a problem hiding this comment.
@aduh95 added some wording along those lines.
UlisesGascon
approved these changes
Jun 19, 2024
lpinca
approved these changes
Jun 19, 2024
richardlau
reviewed
Jun 19, 2024
Signed-off-by: Michael Dawson <midawson@redhat.com>
richardlau
approved these changes
Jun 19, 2024
marco-ippolito
added
the
author ready
mhdawson
added a commit
that referenced
this pull request
Jun 20, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
|
Landed in 53e9106 |
eliphazbouye
pushed a commit
to eliphazbouye/node
that referenced
this pull request
Jun 20, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: nodejs#53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
targos
pushed a commit
that referenced
this pull request
Jun 21, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
bmeck
pushed a commit
to bmeck/node
that referenced
this pull request
Jun 22, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: nodejs#53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Jul 19, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Jul 19, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs: nodejs/security-wg#1329