doc: clarify Corepack threat model #51917
Merged
nodejs-github-bot merged 2 commits into nodejs:main from Mar 1, 2024
RafaelGSS approved these changes on Feb 28, 2024
GeoffreyBooth approved these changes on Feb 28, 2024
GeoffreyBooth (Member) left a comment:
The same can be said about anything the user downloads via npm, I would assume, though perhaps that’s obvious.
trivikr approved these changes on Feb 29, 2024
anonrig approved these changes on Feb 29, 2024
MoLow approved these changes on Feb 29, 2024
arcanis approved these changes on Feb 29, 2024
ShogunPanda approved these changes on Feb 29, 2024
MylesBorins reviewed on Feb 29, 2024
|
|
||
| #### Vulnerabilities affecting software downloaded by Corepack | ||
|
|
||
| * Corepack defaults to downloading the latest version of the software requested |
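Review bot: the bullet "Corepack defaults to downloading the latest version of the software requested" names the default but, in the lines visible here, does not say where the download comes from. Under a heading about vulnerabilities affecting software downloaded by Corepack, consider naming the download source, or stating that it can vary, so readers do not assume one.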
Contributor
Should we call out that it doesn't always download from npm?
This is unique from downloading package managers with npm
Member
I'm not sure there is the assumption that downloads are from npm, so I'm good either way.
UlisesGascon approved these changes on Feb 29, 2024
lpinca approved these changes on Feb 29, 2024
anonrig approved these changes on Mar 1, 2024
legendecas approved these changes on Mar 1, 2024
benjamingr approved these changes on Mar 1, 2024
Collaborator: Landed in 1429381
targos pushed a commit that referenced this pull request on Mar 7, 2024:
PR-URL: #51917
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
richardlau pushed a commit that referenced this pull request on Mar 25, 2024
richardlau pushed a commit that referenced this pull request on Mar 25, 2024
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request on Mar 26, 2024
Refs: #51886 (comment)