From 7ed5b14cb89e01c7305f4adc735e40be80cc0d3a Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Tue, 4 Mar 2025 09:39:47 -0300 Subject: [PATCH 1/2] doc: ping nodejs/tsc for each security pull request Refs: https://github.com/nodejs/TSC/issues/1687 --- doc/contributing/security-release-process.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 9ea616f6de2298..439d471ece2da1 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -56,6 +56,9 @@ The current security stewards are documented in the main Node.js * Use the "summary" feature in HackerOne. Example [2038134](https://hackerone.com/reports/2038134) * `git node security --add-report=report_id` * `git node security --remove-report=report_id` + * Ensure to ping the Node.js TSC team for review of the PRs prior to the release date. + * Adding individuals with expertise in the report topic is also a viable option if + communicated properly with nodejs/security and TSC. * [ ] 3\. **Assigning Severity and Writing Team Summary:** * [ ] Assign a severity and write a team summary on HackerOne for the reports From abdd435f49fd1639461c794fc71cb5aa19b4fdad Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Tue, 4 Mar 2025 09:49:50 -0300 Subject: [PATCH 2/2] fixup! doc: ping nodejs/tsc for each security pull request --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 439d471ece2da1..0932dfb7b63c1d 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md 
@@ -58,7 +58,7 @@ The current security stewards are documented in the main Node.js * `git node security --remove-report=report_id` * Ensure to ping the Node.js TSC team for review of the PRs prior to the release date. * Adding individuals with expertise in the report topic is also a viable option if - communicated properly with nodejs/security and TSC. + communicated properly with nodejs/security and TSC. * [ ] 3\. **Assigning Severity and Writing Team Summary:** * [ ] Assign a severity and write a team summary on HackerOne for the reports
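Review bot: In the first hunk (PATCH 1/2, `@@ -56,6 +56,9 @@`), the added line "Ensure to ping the Node.js TSC team for review of the PRs prior to the release date." gives no lead time and does not name the handle to mention, so a ping sent the day before the release would still satisfy it. Suggest stating the team mention explicitly (the commit subject says `nodejs/tsc`) and a minimum review window, and rewording "Ensure to ping" to "Ping". The follow-on bullet, "Adding individuals with expertise in the report topic is also a viable option if communicated properly", leaves "communicated properly" undefined. Since adding a person widens who can see an unreleased report, the text should say who has to agree (nodejs/security, TSC, or both) and where that agreement is recorded before the person is added.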
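Review bot: In the second hunk (PATCH 2/2, `@@ -58,7 +58,7 @@`), the removed and added versions of "communicated properly with nodejs/security and TSC." read the same, so the change appears to be whitespace only on the continuation line. Because the commit is marked `fixup!`, it should be squashed into "doc: ping nodejs/tsc for each security pull request" before landing so the history carries a single commit. If the intent was to fix list indentation, please confirm that the continuation line now aligns with the text of the bullet above it so that it renders as part of that bullet.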