Add March 2025 CI incident blog post #7588

Merged on Apr 1, 2025 (2 commits)

Member

@mcollina mcollina commented Mar 31, 2025

As discussed with the @nodejs/tsc in private.

See https://github.com/nodejs/moderation/issues/830 (🔏Private repository)

@Copilot Copilot bot review requested due to automatic review settings March 31, 2025 17:04
@mcollina mcollina requested a review from a team as a code owner March 31, 2025 17:04
vercel bot commented Mar 31, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| nodejs-org | ✅ Ready (Inspect) | Visit Preview | Mar 31, 2025 5:06pm |

Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

A new blog post is added to the Node.js website reporting a CI security incident.

  • Introduces a markdown file containing the blog content
  • Describes the incident with metadata including date, category, title, and author

Comments suppressed due to low confidence (1)

apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md:4

  • [nitpick] The title includes the word 'Test' which might be unintentional; confirm whether this is a placeholder or should be updated to correctly reflect the incident.

    title: Node.js Test CI Security Incident

Member

@mhdawson mhdawson left a comment

LGTM

@SecurityCRob SecurityCRob left a comment

+1

@avivkeller avivkeller added the fast-track Fast Tracking PRs label Mar 31, 2025
Contributor

github-actions bot commented Mar 31, 2025

Lighthouse Results

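| URL | Performance | Accessibility | Best Practices | SEO | Report |
| --- | --- | --- | --- | --- | --- |
| /en | 🟢 100 | 🟢 100 | 🟢 100 | 🟢 91 | 🔗 |
| /en/about | 🟢 100 | 🟢 100 | 🟢 100 | 🟢 91 | 🔗 |
| /en/about/previous-releases | 🟢 100 | 🟢 100 | 🟢 100 | 🟢 92 | 🔗 |
| /en/download | 🟠 89 | 🟢 100 | 🟢 100 | 🟢 91 | 🔗 |
| /en/blog | 🟢 100 | 🟢 100 | 🟢 96 | 🟢 92 | 🔗 |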

Contributor

Unit Test Coverage Report

| Title | Lines | Statements | Branches | Functions |
| --- | --- | --- | --- | --- |
| @node-core/ui-components | Coverage: 95% | 95.83% (161/168) | 77.86% (102/131) | 88.57% (31/35) |
| @nodejs/website | Coverage: 87% | 84.74% (500/590) | 76.03% (165/217) | 87.09% (108/124) |

| Title | Tests | Skipped | Failures | Errors | Time |
| --- | --- | --- | --- | --- | --- |
| @node-core/ui-components | 24 | 0 💤 | 0 ❌ | 0 🔥 | 4.791s ⏱️ |
| @nodejs/website | 157 | 0 💤 | 0 ❌ | 0 🔥 | 6.409s ⏱️ |

Member

avivkeller commented Mar 31, 2025

@mcollina does this require a banner? If not, merge at will.


The reported issue did not impact the Node.js runtime and there is no risk to users of Node.js. No action by Node.js users is required.

The development infrastructure is expected to be available to the community by April 15 or sooner.
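
Review bot: The availability date in the last line, "April 15 or sooner", carries no year, so the commitment becomes ambiguous once the post is read from the blog archive after the incident window. Suggest writing it as "April 15, 2025 or sooner". The line above states that the runtime was not impacted and that no user action is required, but the visible lines do not say which part of the development infrastructure is unavailable; if the rest of the post does not name it, a short clause here would let readers judge whether their own workflows depend on it.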
Member

Suggested change
The development infrastructure is expected to be available to the community by April 15 or sooner.
The development infrastructure is expected to be available to the community by April 15th or sooner.

@mcollina mcollina merged commit 92a16a9 into nodejs:main Apr 1, 2025
22 checks passed
@mcollina mcollina deleted the incident branch April 1, 2025 03:24