doc: add additional guidance for PRs to deps#53499
Closed
mhdawson wants to merge 4 commits intonodejs:mainfrom
Closed
doc: add additional guidance for PRs to deps#53499mhdawson wants to merge 4 commits intonodejs:mainfrom
mhdawson wants to merge 4 commits intonodejs:mainfrom
Conversation
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com>
Collaborator
|
Review requested:
|
This was referenced Jun 18, 2024
RafaelGSS
approved these changes
Jun 18, 2024
legendecas
approved these changes
Jun 18, 2024
marco-ippolito
approved these changes
Jun 18, 2024
avivkeller
reviewed
Jun 18, 2024
Member
avivkeller
left a comment
avivkeller
left a comment
There was a problem hiding this comment.
One nitpick, but as a triage member, this review isn't blocking nor approving.
targos
approved these changes
Jun 18, 2024
aduh95
reviewed
Jun 19, 2024
Comment on lines
+147
to
+150
| PRs for manual dependency updates should only be accepted if | ||
| the update cannot be generated by the automated tooling, | ||
| the reason is clearly documented and either the PR is | ||
| reviewed in detail or it is from an existing collaborator. |
Contributor
There was a problem hiding this comment.
Should we add a note about only accepting changes that have landed upstream, and "the TSC may grant exception on a case-by-case basis"? I think it's already more or less the policy we're currently organically following, so IMO it'd make sense explicitly state it out.
Member
Author
There was a problem hiding this comment.
@aduh95 added some wording along those lines.
UlisesGascon
approved these changes
Jun 19, 2024
lpinca
approved these changes
Jun 19, 2024
richardlau
reviewed
Jun 19, 2024
Signed-off-by: Michael Dawson <midawson@redhat.com>
richardlau
approved these changes
Jun 19, 2024
marco-ippolito
added
the
author ready
mhdawson
added a commit
that referenced
this pull request
Jun 20, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
Member
Author
|
Landed in 53e9106 |
eliphazbouye
pushed a commit
to eliphazbouye/node
that referenced
this pull request
Jun 20, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: nodejs#53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
targos
pushed a commit
that referenced
this pull request
Jun 21, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
bmeck
pushed a commit
to bmeck/node
that referenced
this pull request
Jun 22, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: nodejs#53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Jul 19, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Jul 19, 2024
- add additional guidance based in discussion related to recent PR to dependency and discussion within the security-wg slack channel. Refs: nodejs/security-wg#1329 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #53499 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs: nodejs/security-wg#1329