Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / nodejs/security-wg issues and pull requests

#1221 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago
Labels: security-wg-agenda

#1221 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago
Labels: security-wg-agenda

#1220 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1220 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1219 - build(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1218 - regarding installation of node

Issue - State: closed - Opened by sk670994 10 months ago - 1 comment

#1218 - regarding installation of node

Issue - State: closed - Opened by sk670994 10 months ago - 1 comment

#1217 - build(deps): bump axios from 1.6.5 to 1.6.7

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, javascript

#1216 - build(deps): bump inquirer from 7.3.3 to 9.2.13

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1216 - build(deps): bump inquirer from 7.3.3 to 9.2.13

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1215 - build(deps): bump joi from 13.7.0 to 17.12.1

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1215 - build(deps): bump joi from 13.7.0 to 17.12.1

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1214 - Node.js Security team Meeting 2024-02-01

Issue - State: closed - Opened by mhdawson 10 months ago - 3 comments

#1214 - Node.js Security team Meeting 2024-02-01

Issue - State: closed - Opened by mhdawson 10 months ago - 3 comments

#1213 - build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1213 - build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1212 - build(deps): bump joi from 13.7.0 to 17.12.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1212 - build(deps): bump joi from 13.7.0 to 17.12.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1211 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago - 1 comment
Labels: security-wg-agenda

#1210 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago - 1 comment

#1210 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago - 1 comment

#1209 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago
Labels: security-wg-agenda

#1209 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago
Labels: security-wg-agenda

#1208 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1208 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1207 - OSTIF<>Fuzzing Audit update to security-wg for February 1 meeting.

Issue - State: closed - Opened by Amir-Montazery 10 months ago - 1 comment

#1206 - Upgrade to [email protected]

Pull Request - State: closed - Opened by UlisesGascon 10 months ago
Labels: dependencies

#1205 - build(deps): bump actions/dependency-review-action from 3.1.5 to 4.0.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1204 - build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1203 - doc: add 2024-01-18 meeting

Pull Request - State: closed - Opened by RafaelGSS 10 months ago

#1203 - doc: add 2024-01-18 meeting

Pull Request - State: closed - Opened by RafaelGSS 10 months ago

#1202 - zoom link does not appear on the calendar

Issue - State: closed - Opened by marco-ippolito 10 months ago - 1 comment

#1201 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago
Labels: security-wg-agenda

#1200 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1200 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1199 - OpenSSF Scorecard Report Updated

Pull Request - State: closed - Opened by github-actions[bot] 10 months ago
Labels: security-wg-agenda

#1198 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1198 - OpenSSF Scorecard Report Updated!

Issue - State: closed - Opened by github-actions[bot] 10 months ago

#1197 - build(deps): bump joi from 13.7.0 to 17.11.1

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago - 1 comment
Labels: dependencies, javascript

#1196 - Node.js Security team Meeting 2024-01-18

Issue - State: closed - Opened by mhdawson 10 months ago - 1 comment

#1196 - Node.js Security team Meeting 2024-01-18

Issue - State: closed - Opened by mhdawson 10 months ago - 1 comment

#1195 - build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1195 - build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, github_actions

#1194 - build(deps): bump follow-redirects from 1.15.2 to 1.15.4

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, javascript

#1194 - build(deps): bump follow-redirects from 1.15.2 to 1.15.4

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, javascript

#1193 - Mitre organization for CVE id request

Issue - State: closed - Opened by marco-ippolito 10 months ago - 29 comments
Labels: stale

#1193 - Mitre organization for CVE id request

Issue - State: open - Opened by marco-ippolito 10 months ago - 28 comments

#1192 - build(deps): bump axios from 1.6.3 to 1.6.5

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, javascript

#1192 - build(deps): bump axios from 1.6.3 to 1.6.5

Pull Request - State: closed - Opened by dependabot[bot] 10 months ago
Labels: dependencies, javascript

#1191 - build(deps): bump actions/dependency-review-action from 3.1.4 to 3.1.5

Pull Request - State: closed - Opened by dependabot[bot] 11 months ago
Labels: dependencies, github_actions

#1190 - Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks

Issue - State: open - Opened by UlisesGascon 11 months ago - 5 comments
Labels: CII-best-practices, never-stale

#1189 - Requirement (Gold level): Use basic good cryptographic practices

Issue - State: open - Opened by UlisesGascon 11 months ago - 6 comments
Labels: never-stale

#1189 - Requirement (Gold level): Use basic good cryptographic practices

Issue - State: open - Opened by UlisesGascon 11 months ago - 2 comments

#1187 - Requirement (Gold level): The project MUST include a license and copyright statement in each source file

Issue - State: open - Opened by UlisesGascon 11 months ago - 5 comments
Labels: CII-best-practices, never-stale

#1186 - Requirement (Silver level): Hardening mechanisms

Issue - State: closed - Opened by UlisesGascon 11 months ago - 2 comments
Labels: stale, CII-best-practices, never-stale

#1185 - CII Passing: add commit hash reference for the context links

Pull Request - State: closed - Opened by UlisesGascon 11 months ago - 1 comment
Labels: stale, CII-best-practices

#1184 - CII Silver: add commit hash reference for the context links

Pull Request - State: closed - Opened by UlisesGascon 11 months ago
Labels: CII-best-practices

#1182 - Drop openssl-v1-update

Issue - State: closed - Opened by RafaelGSS 11 months ago

#1181 - nodejs-dependency-vuln-assessments automation failing

Issue - State: closed - Opened by RafaelGSS 11 months ago - 3 comments

#1171 - support ergonomically whitelisting a package's internal code

Issue - State: closed - Opened by timkuijsten 11 months ago - 1 comment
Labels: stale

#1171 - support ergonomically whitelisting a package's internal code

Issue - State: open - Opened by timkuijsten 11 months ago - 1 comment
Labels: stale

#1168 - Does .wasm module under --experimental-pemission protect?

Issue - State: open - Opened by LongTengDao 11 months ago - 4 comments

#1168 - Does .wasm module under --experimental-pemission protect?

Issue - State: closed - Opened by LongTengDao 11 months ago - 5 comments
Labels: stale

#1149 - NodeJS Code integrity on Windows

Issue - State: closed - Opened by rdw-msft about 1 year ago - 2 comments
Labels: security-wg-agenda, stale

#1149 - NodeJS Code integrity on Windows

Issue - State: closed - Opened by rdw-msft about 1 year ago - 2 comments
Labels: security-wg-agenda, stale

#1123 - doc: add meeting minutes 2023-09-28

Pull Request - State: closed - Opened by UlisesGascon about 1 year ago

#1116 - Handling `*` paths in --allow-fs-* flags

Issue - State: closed - Opened by RafaelGSS about 1 year ago - 5 comments
Labels: stale, discussion, never-stale

#1116 - Handling `*` paths in --allow-fs-* flags

Issue - State: open - Opened by RafaelGSS about 1 year ago - 5 comments
Labels: stale, discussion, never-stale

#1115 - Have a SBOM for Node.js?

Issue - State: open - Opened by marco-ippolito about 1 year ago - 23 comments
Labels: never-stale

#1104 - License checker process/script

Issue - State: open - Opened by UlisesGascon about 1 year ago - 6 comments
Labels: help wanted, good first issue, stale

#1104 - License checker process/script

Issue - State: closed - Opened by UlisesGascon about 1 year ago - 6 comments
Labels: help wanted, good first issue

#1074 - Load permission settings from config files

Issue - State: closed - Opened by Ceres6 over 1 year ago - 11 comments
Labels: stale

#1074 - Load permission settings from config files

Issue - State: closed - Opened by Ceres6 over 1 year ago - 11 comments
Labels: stale

#1037 - Audit build process for dependencies

Issue - State: open - Opened by mhdawson over 1 year ago - 24 comments
Labels: security-wg-agenda, never-stale

#1006 - What's new from the Security WG - News

Issue - State: closed - Opened by mhdawson over 1 year ago - 1 comment

#956 - CII-Best-Practices for Nodejs: Gold level

Pull Request - State: open - Opened by UlisesGascon over 1 year ago - 6 comments
Labels: CII-best-practices, never-stale

#953 - Initiative for CII-Best-Practices for Nodejs Projects

Issue - State: open - Opened by UlisesGascon over 1 year ago - 30 comments
Labels: CII-best-practices, never-stale

#953 - Initiative for CII-Best-Practices for Nodejs Projects

Issue - State: open - Opened by UlisesGascon over 1 year ago - 33 comments
Labels: CII-best-practices, never stale

#898 - Permission Model - Roadmap

Issue - State: closed - Opened by RafaelGSS over 1 year ago - 24 comments
Labels: security-wg-agenda

#898 - Permission Model - Roadmap

Issue - State: open - Opened by RafaelGSS over 1 year ago - 22 comments
Labels: security-wg-agenda

#876 - Node.js core SLSA.dev Review

Issue - State: closed - Opened by BethGriggs almost 2 years ago - 24 comments
Labels: stale

#876 - Node.js core SLSA.dev Review

Issue - State: closed - Opened by BethGriggs almost 2 years ago - 24 comments
Labels: stale

#860 - Automate security release process

Issue - State: open - Opened by RafaelGSS almost 2 years ago - 16 comments

#860 - Automate security release process

Issue - State: open - Opened by RafaelGSS almost 2 years ago - 17 comments
Labels: security-wg-agenda

#859 - Assessment against best practices (OpenSSF Scorecards ...)

Issue - State: open - Opened by fraxken almost 2 years ago - 7 comments
Labels: never-stale

#852 - Abort when vulnerable flag

Issue - State: open - Opened by RafaelGSS almost 2 years ago - 12 comments
Labels: security-wg-agenda