Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / nodejs/security-wg issues and pull requests

#1298 - build(deps): bump inquirer from 7.3.3 to 9.2.20

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 1 comment
Labels: dependencies, javascript

#1297 - build(deps): bump joi from 13.7.0 to 17.13.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 1 comment
Labels: dependencies, javascript

#1296 - Scores of vulnerability found in experimental features can be too high

Issue - State: closed - Opened by joyeecheung 7 months ago - 9 comments

#1295 - doc: add 2024-04-25 meeting notes

Pull Request - State: closed - Opened by RafaelGSS 7 months ago

#1294 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 7 months ago
Labels: security-wg-agenda

#1293 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 7 months ago

#1292 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 7 months ago
Labels: security-wg-agenda

#1291 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 7 months ago

#1290 - Security Vulnerability to report

Issue - State: closed - Opened by 4xpl0r3r 7 months ago - 1 comment
Labels: tsc-agenda

#1289 - build(deps): bump inquirer from 7.3.3 to 9.2.19

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 1 comment
Labels: dependencies, javascript

#1288 - Threat Model question about Permission Model

Issue - State: closed - Opened by 4xpl0r3r 7 months ago - 2 comments

#1287 - More control over remote debugging (and killing)

Issue - State: closed - Opened by RedYetiDev 7 months ago - 4 comments

#1286 - Node.js Security team Meeting 2024-04-25

Issue - State: closed - Opened by mhdawson 7 months ago - 1 comment

#1284 - HackerOne page does not mention the threat model

Issue - State: closed - Opened by joyeecheung 7 months ago - 1 comment

#1283 - Question: Why do we have a `--experimental-policy`?

Issue - State: closed - Opened by RedYetiDev 7 months ago - 4 comments

#1282 - Collaborators Inactivity Policy Review

Issue - State: open - Opened by marco-ippolito 7 months ago - 5 comments
Labels: never-stale

#1281 - doc: use gender neutral terms

Pull Request - State: closed - Opened by RedYetiDev 7 months ago - 1 comment

#1280 - build(deps): bump inquirer from 7.3.3 to 9.2.18

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 1 comment
Labels: dependencies, javascript

#1279 - update core index.json

Pull Request - State: closed - Opened by github-actions[bot] 7 months ago
Labels: security-wg-agenda

#1278 - vuln: add latest sec release

Pull Request - State: closed - Opened by RafaelGSS 7 months ago

#1277 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 7 months ago

#1276 - build(deps): bump joi from 13.7.0 to 17.12.3

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 1 comment
Labels: dependencies, javascript

#1275 - Node.js Security team Meeting 2024-04-11

Issue - State: closed - Opened by mhdawson 7 months ago - 5 comments

#1274 - Can we have "unsecure" features in Node.js?

Issue - State: closed - Opened by aduh95 8 months ago - 5 comments
Labels: stale

#1273 - update core index.json

Pull Request - State: closed - Opened by github-actions[bot] 8 months ago
Labels: security-wg-agenda

#1272 - vuln: add vulnerabilities from april security release

Pull Request - State: closed - Opened by marco-ippolito 8 months ago

#1271 - dependabot suggesting pre-release update

Issue - State: closed - Opened by RafaelGSS 8 months ago - 2 comments
Labels: stale

#1270 - build(deps): bump inquirer from 7.3.3 to 9.2.17

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, javascript

#1268 - chore: add minutes doc for 2024-03-28 meeting

Pull Request - State: closed - Opened by marco-ippolito 8 months ago - 1 comment

#1267 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 8 months ago
Labels: security-wg-agenda

#1266 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 8 months ago

#1265 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 8 months ago
Labels: security-wg-agenda

#1264 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 8 months ago

#1263 - build(deps): bump actions/dependency-review-action from 4.2.4 to 4.2.5

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1263 - build(deps): bump actions/dependency-review-action from 4.2.4 to 4.2.5

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1262 - Discuss adding --security-revert to NODE_OPTIONS

Issue - State: closed - Opened by RafaelGSS 8 months ago

#1261 - build(deps): bump actions/dependency-review-action from 4.2.3 to 4.2.4

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1261 - build(deps): bump actions/dependency-review-action from 4.2.3 to 4.2.4

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1260 - Node.js Security team Meeting 2024-03-28

Issue - State: closed - Opened by mhdawson 8 months ago - 2 comments

#1259 - build(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.3

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1259 - build(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.3

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1258 - build(deps): bump axios from 1.6.7 to 1.6.8

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, javascript

#1258 - build(deps): bump axios from 1.6.7 to 1.6.8

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, javascript

#1257 - build(deps): bump inquirer from 7.3.3 to 9.2.16

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, javascript

#1256 - build(deps): bump follow-redirects from 1.15.4 to 1.15.6

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, javascript

#1256 - build(deps): bump follow-redirects from 1.15.4 to 1.15.6

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, javascript

#1255 - Node.js Security Initiatives 2024

Issue - State: closed - Opened by RafaelGSS 8 months ago - 16 comments

#1254 - doc: remove WG mention

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1254 - doc: remove WG mention

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1253 - doc: move inactive members to Emeritus

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1253 - doc: move inactive members to Emeritus

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1252 - doc: update current initiatives and remove concluded

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1252 - doc: update current initiatives and remove concluded

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1251 - doc: add 2024-03-14 meeting notes

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1251 - doc: add 2024-03-14 meeting notes

Pull Request - State: closed - Opened by RafaelGSS 8 months ago

#1250 - doc: add 2024-02-29 minutes

Pull Request - State: closed - Opened by marco-ippolito 8 months ago

#1250 - doc: add 2024-02-29 minutes

Pull Request - State: closed - Opened by marco-ippolito 8 months ago

#1249 - doc: add 2024-02-01 minute

Pull Request - State: closed - Opened by marco-ippolito 8 months ago

#1248 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 8 months ago
Labels: security-wg-agenda

#1248 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 8 months ago
Labels: security-wg-agenda

#1247 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 8 months ago

#1246 - build(deps): bump actions/checkout from 4.1.1 to 4.1.2

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1246 - build(deps): bump actions/checkout from 4.1.1 to 4.1.2

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#1245 - Node.js Security team Meeting 2024-03-14

Issue - State: closed - Opened by mhdawson 8 months ago - 3 comments

#1245 - Node.js Security team Meeting 2024-03-14

Issue - State: closed - Opened by mhdawson 8 months ago - 3 comments

#1243 - Read time outs in "Check for vulnerabilities daily" workflow

Issue - State: closed - Opened by richardlau 9 months ago - 2 comments

#1242 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 9 months ago
Labels: security-wg-agenda

#1241 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 9 months ago

#1241 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 9 months ago

#1240 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 9 months ago
Labels: security-wg-agenda

#1239 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 9 months ago

#1238 - build(deps): bump joi from 13.7.0 to 17.12.2

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, javascript

#1238 - build(deps): bump joi from 13.7.0 to 17.12.2

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, javascript

#1237 - Node.js Security team Meeting 2024-02-29

Issue - State: closed - Opened by mhdawson 9 months ago - 5 comments

#1237 - Node.js Security team Meeting 2024-02-29

Issue - State: closed - Opened by mhdawson 9 months ago - 5 comments

#1236 - Proposed approach for build steps in deps which are not in make node

Issue - State: open - Opened by mhdawson 9 months ago - 10 comments

#1235 - build(deps): bump actions/dependency-review-action from 4.1.2 to 4.1.3

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1235 - build(deps): bump actions/dependency-review-action from 4.1.2 to 4.1.3

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1234 - build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.2

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1234 - build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.2

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1233 - build(deps): bump inquirer from 7.3.3 to 9.2.15

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, javascript

#1233 - build(deps): bump inquirer from 7.3.3 to 9.2.15

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, javascript

#1232 - update core index.json

Pull Request - State: closed - Opened by github-actions[bot] 9 months ago
Labels: security-wg-agenda

#1231 - vuln: add latest security release vulnerabilities

Pull Request - State: closed - Opened by RafaelGSS 9 months ago

#1230 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 9 months ago
Labels: security-wg-agenda

#1230 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 9 months ago
Labels: security-wg-agenda

#1229 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 9 months ago - 1 comment

#1229 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 9 months ago - 1 comment

#1228 - build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1227 - Node.js Security team Meeting 2024-02-15

Issue - State: closed - Opened by mhdawson 9 months ago - 1 comment

#1227 - Node.js Security team Meeting 2024-02-15

Issue - State: closed - Opened by mhdawson 9 months ago - 1 comment

#1226 - build(deps): bump actions/setup-node from 4.0.1 to 4.0.2

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1225 - build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#1224 - February 6 2024 Security Releases not announced to nodejs-sec

Issue - State: closed - Opened by Yogu 10 months ago - 3 comments

#1223 - build(deps): bump inquirer from 7.3.3 to 9.2.14

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1223 - build(deps): bump inquirer from 7.3.3 to 9.2.14

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1222 - build(deps): bump semver from 7.5.4 to 7.6.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, javascript