doc: add 2024-09-12 meeting notes (#1380)

RafaelGSS · UlisesGascon · web-flow · commit 9b38e9f267ff · 2024-09-25T17:26:06.000-03:00
* doc: add 2024-09-12 meeting notes

* Update meetings/2024-09-12.md

Co-authored-by: Ulises Gascón &lt;ulisesgascongonzalez@gmail.com&gt;

---------

Co-authored-by: Ulises Gascón &lt;ulisesgascongonzalez@gmail.com&gt;
diff --git a/meetings/2024-09-12.md b/meetings/2024-09-12.md
@@ -0,0 +1,61 @@
+# Node.js  Security team Meeting 2024-09-12
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=9xrNEZPBFD0
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1375
+* **Minutes Google Doc**: https://docs.google.com/document/d/1eGBJFVcCE6pfRoWoBRjIgwehPl0SzxiNG70YiYeJw68/edit
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+* Thomas GENTILHOMME: @fraxken
+* Marco Ippolito: @marco-ippolito
+* Rafael Gonzaga: @RafaelGSS
+* Michael Dawson: @mhdawson
+* Ulises Gascón: @UlisesGascon
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+* Express v5 came with security fixes to body-parser plugin
+* Node.js vulnerability database now includes a severity field
+* https://github.com/nodejs/nodejs-cve-checker - Rafael will double check if the scheduled CVE were now published
+
+- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  - V8 backport to Node.js v18 is unlikely to happen as there’s a risk to break users in general
+- [X] OpenSSF Scorecard Monitor Review
+  - No action is needed from our side. PR: https://github.com/nodejs/security-wg/pull/1378
+
+### nodejs/node
+
+* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364)
+  * no action this week
+
+### nodejs/security-wg
+
+* Node.js maintainers: Threat Model [#1333](https://github.com/nodejs/security-wg/issues/1333)
+  * Team effort to fill all fields of access-per-group
+  * Rafael will open a PR to TSC to ask for feedback
+* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
+  * no action this week
+  
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+  * no action this week
+  * https://github.com/nodejs/node-core-utils/pull/835 this PR automates promotion step
+
+
+## Q&A, Other
+@Ulises: Let’s review https://github.com/nodejs/nodejs.org/pull/6979 (alternative: https://github.com/nodejs/nodejs.org/pull/7034)
+
+
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+
