-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: remove erroneous CVE-2024-27980 revert option #52543
src: remove erroneous CVE-2024-27980 revert option #52543
Conversation
No security reverts should exist on the main branch.
836c4c0
to
fe22cd6
Compare
This comment was marked as outdated.
This comment was marked as outdated.
That was on purpose. That's why I left https://github.com/nodejs-private/node-private/pull/565 open, otherwise, I would need to avoid this commit somehow in the last sync for Node.js 22 (which is basically a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Note, I would not merge it until v22.0.0 is out.
@RafaelGSS Should I rebase #52365 then and then later rebase this PR on top of that or should I consider both blocked? I wasn't aware that we can't merge non-v22 commits into main at this point. |
Technically, we can... but it makes our process of a semver-major release slightly harder. For instance, you can add a I think a rebase is not necessary, #52365 can land without issues. |
I don't understand why the revert is included for Node.js 22 -- we haven't had any releases of that yet and we should release Node.js 22 without any security reverts. |
I have included it because a backport specifically to Node.js 22 was created: https://github.com/nodejs-private/node-private/pull/560. |
I suppose a backport was created because the branch existed. |
If you all agree, let's merge it then. I can pull directly into v22.x. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that these items need to be merged... LGTM
Landed in 3790d52 |
No security reverts should exist on the main branch. PR-URL: #52543 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
No security reverts should exist on the main branch.
It seems to me that this was done correctly by @bnoordhuis in https://github.com/nodejs-private/node-private/pull/565 but that commit somehow didn't end up on the
main
branch in this repository.