doc: add 2024-12-19 meeting notes (#1417)

* doc: add 2024-12-19 meeting notes * Update meetings/2024-12-19.md Co-authored-by: Ulises Gascón <[email protected]> * Update meetings/2024-12-19.md Co-authored-by: Ulises Gascón <[email protected]> * Update meetings/2024-12-19.md Co-authored-by: Ulises Gascón <[email protected]> --------- Co-authored-by: Ulises Gascón <[email protected]>
nodejs · Dec 21, 2024 · 3ae9475 · 3ae9475
1 parent 142bb49
commit 3ae9475
Showing 1 changed file with 57 additions and 0 deletions.
diff --git a/meetings/2024-12-19.md b/meetings/2024-12-19.md
@@ -0,0 +1,57 @@
+# Node.js  Security Team Meeting 2024-12-19
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=euPfJNY6Pyo
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1415
+* **Minutes Google Doc**: https://docs.google.com/document/d/1c5qAEwlC6yI174oDO3eXVW4NHNGkurSqEZp7y5OpA88/edit?tab=t.0
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+* Rafael Gonzaga: @RafaelGSS
+* Ulises Gascón: @UlisesGascon
+* Robert W
+
+## Agenda
+
+## Announcements
+
+- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+	- No relevant vulnerabilities that affects Node.js
+            - Add dont-believe-affect-nodejs label to npm 10 warn
+- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
+	- No actions pending for the team
+### nodejs/node
+
+* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364)
+  * Robert is working on it (isolation building on windows only) and will keep working on it.
+  * Discussion around the feedback collected on the PR:
+  * Request to work using snapshotable API (seems like use a separate scope is the way to go) for better testing
+  * Rafael, I don’t believe we need to use the snapshotable API for this POC yet
+
+### nodejs/security-wg
+
+* Add a warning on EOL versions #1401
+  * There is a blog post ready that will be published after the holidays
+  * CVEs will be published (2w after the announcement)
+* Node.js maintainers: Threat Model [#1333](https://github.com/nodejs/security-wg/issues/1333)
+  * Skip due forum. PR opened to the Node.js Security repository: https://github.com/nodejs/security-wg/pull/1414
+* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
+  * No updates
+* Extend security reporting for LTS lines beyond their lifetimes [#1025](https://github.com/nodejs/security-wg/issues/1025)
+  * Dropped from agenda
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+  * Work is ongoing (2 PRs are open now).
+  * Great progress is made.
+
+## Q&A, Other
+
+Thanks for this amazing year working together! ✨
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+