archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

doc: ping nodejs/tsc for each security pull request

Browse source 
Refs: https://github.com/nodejs/TSC/issues/1687
PR-URL: https://github.com/nodejs/node/pull/57309
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
This commit is contained in:
Rafael Gonzaga 2025-03-06 09:52:04 -03:00 committed by GitHub
parent 395439be8b
commit ded4eca425
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
doc/contributing/security-release-process.md
View file

@ -56,6 +56,9 @@ The current security stewards are documented in the main Node.js
* Use the "summary" feature in HackerOne. Example [2038134](https://hackerone.com/reports/2038134)
* `git node security --add-report=report_id`
* `git node security --remove-report=report_id`
* Ensure to ping the Node.js TSC team for review of the PRs prior to the release date.
* Adding individuals with expertise in the report topic is also a viable option if
communicated properly with nodejs/security and TSC.
* [ ] 3\. **Assigning Severity and Writing Team Summary:**
* [ ] Assign a severity and write a team summary on HackerOne for the reports