0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-24 03:07:54 +01:00
Commit Graph

26 Commits

Author SHA1 Message Date
Aviv Keller
01c88f9136
meta: fix links in SECURITY.md
PR-URL: https://github.com/nodejs/node/pull/54696
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2024-09-03 16:38:27 +00:00
Rich Trott
a2446de50f
doc: fix minor grammar and style issues in SECURITY.md
PR-URL: https://github.com/nodejs/node/pull/53168
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
2024-05-28 17:40:22 +00:00
Antoine du Hamel
14293814a7
doc: clarify Corepack threat model
PR-URL: https://github.com/nodejs/node/pull/51917
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
2024-03-01 23:02:41 +00:00
Rafael Gonzaga
a71210ba60
doc: mention node:wasi in the Threat Model
PR-URL: https://github.com/nodejs/node/pull/51211
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-12-21 12:55:52 +00:00
Rafael Gonzaga
3f4c127f92
doc: include experimental features assessment
PR-URL: https://github.com/nodejs/node/pull/48824
Refs: https://github.com/nodejs-private/node-private/issues/420
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruy Adorno <ruyadorno@google.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2023-07-21 13:51:55 +00:00
Mohammed Keyvanzadeh
a6748ec342
doc: fix typos in SECURITY.md
PR-URL: https://github.com/nodejs/node/pull/47677
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2023-04-23 06:00:17 +00:00
Rafael Gonzaga
23f4a6c7e1
doc: clarify reports are only evaluated on active versions
PR-URL: https://github.com/nodejs/node/pull/47341
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2023-04-03 09:28:10 +00:00
Matteo Collina
42c4a35952
meta: clarify the threat model to explain the JSON.parse case
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: https://github.com/nodejs/node/pull/47276
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2023-03-30 12:40:57 +00:00
Rich Trott
da2210ef3f doc: fix typo in SECURITY.md
PR-URL: https://github.com/nodejs/node/pull/47282
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2023-03-28 12:42:45 -07:00
Michael Dawson
088e470dcd doc: update threat model based on discussions
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: https://github.com/nodejs/node/pull/46373
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
2023-02-01 10:11:32 -05:00
Vaishno Chaitanya
4aa537c005 doc: fix spelling in SECURITY.md
PR-URL: https://github.com/nodejs/node/pull/46124
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2023-01-07 07:52:07 -08:00
Tobias Nießen
ccd3a42dd9
doc: fix typo in threat model
Refs: https://github.com/nodejs/node/pull/45223
PR-URL: https://github.com/nodejs/node/pull/45558
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
2022-11-21 14:25:43 +00:00
Rafael Gonzaga
487fa8a16a
doc: add Node.js Threat Model
Co-authored-by: Michael Dawson <midawson@redhat.com>
Co-authored-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>
Co-authored-by: Ulises Gascon <UlisesGascon@users.noreply.github.com>
Co-authored-by: Thomas Gentilhomme <gentilhomme.thomas@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/45223
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2022-11-21 11:13:47 +00:00
Michael Dawson
da44fd8002 doc: allow for holidays in triage response
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: https://github.com/nodejs/node/pull/45267
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2022-11-08 12:06:06 -08:00
Tobias Nießen
895cc572ac
doc: use ASCII apostrophes consistently
PR-URL: https://github.com/nodejs/node/pull/43114
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
2022-05-17 20:04:51 +01:00
Rich Trott
ce1c53665e
doc: remove reference to obsolete security program
The ecosystem security program via HackerOne is no longer a thing.
Remove mention of it from SECURITY.md.

PR-URL: https://github.com/nodejs/node/pull/42144
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
2022-03-01 04:40:12 +00:00
Matteo Collina
265a47d680 meta: increase security policy response targets
PR-URL: https://github.com/nodejs/node/pull/40968
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2021-11-27 20:20:36 -08:00
Rich Trott
86099a375a tools: avoid unnecessary escaping in markdown formatter
Update mdast-util-to-markdown to 1.2.4 which reduces unnecessary
escaping of `_` and some other characters. Re-run markdown formatter.

PR-URL: https://github.com/nodejs/node/pull/40645
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
2021-10-31 09:36:05 -07:00
Rich Trott
88e82b890b doc: format general markdown files
Use `make format-md` to format general markdown files.

PR-URL: https://github.com/nodejs/node/pull/40322
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2021-10-06 21:20:55 -07:00
Antoine du Hamel
26e318a321
doc: use HEAD instead of master for links
PR-URL: https://github.com/nodejs/node/pull/38518
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
2021-05-05 10:45:30 +02:00
Rich Trott
360bf9b289 doc: use sentence-case for headers in SECURITY.md
Our doc style guide calls for sentence-case in headers.

PR-URL: https://github.com/nodejs/node/pull/34525
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Stewart X Addison <sxa@uk.ibm.com>
2020-07-28 21:58:58 -07:00
Rich Trott
5c347887d9 doc: synch SECURITY.md with website
Refs: https://github.com/nodejs/nodejs.org/pull/3106#issuecomment-614258785

PR-URL: https://github.com/nodejs/node/pull/32903
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2020-04-19 12:02:42 -07:00
Rich Trott
d2d5c97015 doc: remove usage of "Node" in favor of "Node.js"
In accordance with the Style Guide, remove "Node" in favor of "Node.js".
A lint rule for this is forthcoming.

PR-URL: https://github.com/nodejs/node/pull/30758
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-12-03 22:48:29 -08:00
Sam Roberts
dd74b163f9 doc: sync security policy with nodejs.org
The Node.js security disclosure policy has diverged between the website
and github:
- https://nodejs.org/en/security/
- https://github.com/nodejs/node/security/policy

The website is more recent and accurate, so sync the content from:
- https://github.com/nodejs/nodejs.org/blob/master/locale/en/security.md

PR-URL: https://github.com/nodejs/node/pull/29682
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-09-28 16:58:57 -07:00
Nick Schonning
e2dcbf1c32 doc: use consistent unordered list style
Convert to asterisks when there are mixed styles in document.
Addresses Markdownlint MD004 rule

PR-URL: https://github.com/nodejs/node/pull/29516
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-09-16 11:24:54 -07:00
warnerp18
472a3d890b doc: add SECURITY.md to readme.md
This adds a SECURITY.md file and links to the security document per the
request of @https://github.com/Trott at a recent SF Node meetup.

PR-URL: https://github.com/nodejs/node/pull/24031
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2018-11-04 00:08:18 -07:00