Skip to content

Blog: add update to Security CI incident #7658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Apr 23, 2025
Merged

Blog: add update to Security CI incident #7658

merged 9 commits into from
Apr 23, 2025

Conversation

@RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Apr 17, 2025

cc: @nodejs/tsc

@RafaelGSS @aduh95
@richardlau @mcollina
Blog: add update to Security CI incident
97a9c96 
Co-Authored-By: Antoine du Hamel <[email protected]>
Co-Authored-By: Richard Lau <[email protected]>
Co-Authored-By: Matteo Collina <[email protected]>
@RafaelGSS RafaelGSS requested a review from a team as a code owner April 17, 2025 16:04
@vercel
Copy link

vercel bot commented Apr 17, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nodejs-org ✅ Ready (Inspect) Visit Preview Apr 23, 2025 2:26pm

avivkeller
avivkeller reviewed Apr 17, 2025
View reviewed changes
avivkeller
avivkeller reviewed Apr 17, 2025
View reviewed changes
avivkeller
avivkeller reviewed Apr 17, 2025
View reviewed changes
@avivkeller
Copy link
Member

avivkeller commented Apr 17, 2025

FYI for Node.js Website Team (Unrelated to contents of this PR):
https://nodejs-org-git-security-incident-update-openjs.vercel.app/en/feed/vulnerability.xml shows #7648 in action

@ovflowd ovflowd added the github_actions:pull-request Trigger Pull Request Checks label Apr 17, 2025
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Apr 17, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Apr 17, 2025
edited
Loading

Lighthouse Results

URL Performance Accessibility Best Practices SEO Report
/en 🟢 99 🟢 100 🟢 100 🟢 91 🔗
/en/about 🟢 100 🟢 100 🟢 100 🟢 91 🔗
/en/about/previous-releases 🟢 99 🟢 100 🟢 100 🟢 92 🔗
/en/download 🟢 98 🟢 100 🟢 96 🟢 91 🔗
/en/blog 🟢 100 🟢 100 🟢 96 🟢 92 🔗

aduh95
aduh95 reviewed Apr 17, 2025
View reviewed changes
aduh95
aduh95 reviewed Apr 17, 2025
View reviewed changes
@codecov-commenter
Copy link

codecov-commenter commented Apr 18, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (main@d9c0508). Learn more about missing BASE report.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7658   +/-   ##
=======================================
  Coverage        ?   74.61%           
=======================================
  Files           ?       96           
  Lines           ?     7689           
  Branches        ?      192           
=======================================
  Hits            ?     5737           
  Misses          ?     1950           
  Partials        ?        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@RafaelGSS
Copy link
Member Author

RafaelGSS commented Apr 18, 2025

FYI, I might not be available next week. Feel free to merge this PR on Monday.

@avivkeller avivkeller added the github_actions:pull-request Trigger Pull Request Checks label Apr 18, 2025
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Apr 18, 2025
mcollina
mcollina requested changes Apr 18, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to send some edit, will do asap.

aduh95
aduh95 reviewed Apr 22, 2025
View reviewed changes
aduh95
aduh95 reviewed Apr 22, 2025
View reviewed changes
mhdawson
mhdawson approved these changes Apr 22, 2025
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mcollina
Copy link
Member

mcollina commented Apr 23, 2025

@nodejs/nodejs-website can someone help me sorting out the linting here? This is exactly like we want it.

mcollina
mcollina approved these changes Apr 23, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

mcollina
mcollina reviewed Apr 23, 2025
View reviewed changes
mcollina
mcollina reviewed Apr 23, 2025
View reviewed changes
@avivkeller
Copy link
Member

avivkeller commented Apr 23, 2025

@nodejs/nodejs-website can someone help me sorting out the linting here?

You need to run npm format.

This is exactly like we want it.

What does npm format do that isn't acceptable?

@mcollina
Copy link
Member

mcollina commented Apr 23, 2025 

@node-core/website:lint: @node-core/website:lint:md: cache hit, replaying logs c9d8947053a45b98
@node-core/website:lint: @node-core/website:lint:md:
@node-core/website:lint: @node-core/website:lint:md:
@node-core/website:lint: @node-core/website:lint:md: > lint:md
@node-core/website:lint: @node-core/website:lint:md: > eslint "**/*.md?(x)" --cache --cache-strategy=content --cache-location=.eslintmdcache
@node-core/website:lint: @node-core/website:lint:md:
@node-core/website:lint:
@node-core/website:lint: @node-core/website:lint:md: /Users/matteo/repos/nodejs.org/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@node-core/website:lint: @node-core/website:lint:md:   70:1  warning  {"reason":"Unexpected duplicate toplevel heading, exected a single heading with rank `1`","source"@node-core/website:lint: no-multiple-toplevel-headings","severity":1}  mdx/remark
@node-core/website:lint: @node-core/website:lint:md:
@node-core/website:lint: @node-core/website:lint:md: ✖ 1 problem (0 errors, 1 warning)
@node-core/website:lint: @node-core/website:lint:md:   0 errors and 1 warning potentially fixable with the `--fix` option.
@node-core/website:lint: @node-core/website:lint:md:

Note that the content is correct.

@avivkeller
Copy link
Member

avivkeller commented Apr 23, 2025
edited
Loading

Can you run prettier on the content? The ESLint issue is just a warning, and wouldn't fail the quality checks

@mcollina
fixup
4ba20de 
Signed-off-by: Matteo Collina <[email protected]>
mcollina
mcollina approved these changes Apr 23, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@avivkeller avivkeller added the github_actions:pull-request Trigger Pull Request Checks label Apr 23, 2025
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Apr 23, 2025
@aduh95 aduh95 added this pull request to the merge queue Apr 23, 2025
Merged via the queue into main with commit 0b24039 Apr 23, 2025
16 checks passed
@aduh95 aduh95 deleted the security-incident-update branch April 23, 2025 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduh95 aduh95 aduh95 left review comments

@mcollina mcollina mcollina approved these changes

@anonrig anonrig anonrig approved these changes

@UlisesGascon UlisesGascon UlisesGascon approved these changes

@mhdawson mhdawson mhdawson approved these changes

@aymen94 aymen94 aymen94 approved these changes

@avivkeller avivkeller avivkeller approved these changes

@bjohansebas bjohansebas bjohansebas approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.