docs: added meeting minutes 2023-05-11 (#983)

patrickm68 · tniessen · patrickm68 · commit 730e87cc221f · 2023-05-13T16:44:21.000+02:00
* docs: added meeting minutes 2023-05-11 related nodejs/security-wg#977 * Update meetings/2023-05-11.md Co-authored-by: Tobias Nießen <tniessen@tnie.de> --------- Co-authored-by: Tobias Nießen <tniessen@tnie.de>
diff --git a/meetings/2023-05-11.md b/meetings/2023-05-11.md
@@ -0,0 +1,65 @@
+# Node.js  Security WorkGroup Meeting 2023-05-11
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=xtbjcbMjAvQ
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/977
+* **Minutes Google Doc**: https://docs.google.com/document/d/19rq7F__F3qSdW8v3CeACJ6LpWHLlnWZsTgJWVWUwltI/edit
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+  * Marco Ippolito @marco-ippolito
+  * Thomas GENTILHOMME @fraxken
+  * Ulises Gascon: @ulisesGascon
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- [ ] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  - Waiting for OpenSSL release
+- [ ] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
+https://github.com/nodejs/security-wg/pull/981
+  - No big changes. Just some organic changes for Undici 
+
+### nodejs/security-wg
+
+* Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953)
+  * Ulises: will merge and resolve the discussions for Entry-level PR: https://github.com/nodejs/security-wg/pull/954
+  * Ulises will ask for permissions to push the changes to the OpenSSF project site
+  * We can start the discussion for silver-level in PR: https://github.com/nodejs/security-wg/pull/955
+  * We have discussed if we can extend this to Undici as well
+* Improve Node.js Scorecard [#929](https://github.com/nodejs/security-wg/issues/929)
+  * Ulises will update the report and remove it from the agenda
+* Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898)
+  * Marco started to work in the path resolver in c++
+* Improve SecurityWG Scorecard [#884](https://github.com/nodejs/security-wg/issues/884)
+  * Ulises will update the report and remove it from the agenda
+  * We need to check how to get access to the security tab in Github for the Security WG team members. Ulises will create an issue about it
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+  * During the collaborators summit Rafael mentioned that there is room for the community to support this initiative with automations/tooling..
+  * Ulises to discuss with Refael if we can create a task list/introduction in the next session so the community can pick pending actions and help us.
+* Assessment against best practices (OpenSSF Scorecards ...) [#859](https://github.com/nodejs/security-wg/issues/859)
+  * It will be great to update the issue (as it is a reference) and update the pending actions and activities on going.
+* Discussion about policy-integrity integration on Windows [#856](https://github.com/nodejs/security-wg/issues/856)
+  * No forum to discuss about it
+* Automate updates of all dependencies [#828](https://github.com/nodejs/security-wg/issues/828)
+  * Marco has almost completed all the dependencies
+  * There is a discussion ongoing about this PR: https://github.com/nodejs/node/pull/47742. Your feedback is appreciated to unblock the discussion.
+  * Next step is to work in the regression so we can port the updated dependencies to the other Node.js versions available (16,18..).
+  * Marco will add more issues to the agenda for the next phase
+
+## Q&A, Other
+
+  * Congratulations to the Security WG from the collaborators summit, there is a very positive feedback for the job we made the last months. 
+  * Security is going to be a key part in Node.js for the following years.
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+
