doc: clarify Corepack threat model #51917
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
RafaelGSS
approved these changes
Feb 28, 2024
GeoffreyBooth
approved these changes
Feb 28, 2024
trivikr
approved these changes
Feb 29, 2024
anonrig
approved these changes
Feb 29, 2024
debadree25
added
the
author ready
MoLow
approved these changes
Feb 29, 2024
arcanis
approved these changes
Feb 29, 2024
ShogunPanda
approved these changes
Feb 29, 2024
aduh95
added
the
commit-queue
MylesBorins
reviewed
Feb 29, 2024
| @@ -201,6 +201,13 @@ the community they pose. | |||
| that artifact is large enough to impact performance or | |||
| cause the runtime to run out of resources. | |||
|
|
|||
| #### Vulnerabilities affecting software downloaded by Corepack | |||
|
|
|||
| * Corepack defaults to downloading the latest version of the software requested | |||
There was a problem hiding this comment.
Should we call out that it doesn't always download from npm?
This is unique from downloading package managers with npm
There was a problem hiding this comment.
I'm not sure there is the assumption that downloads are from npm, so I'm good either way.
UlisesGascon
approved these changes
Feb 29, 2024
lpinca
approved these changes
Feb 29, 2024
anonrig
approved these changes
Mar 1, 2024
legendecas
approved these changes
Mar 1, 2024
benjamingr
approved these changes
Mar 1, 2024
nodejs-github-bot
removed
the
commit-queue
|
Landed in 1429381 |
targos
pushed a commit
that referenced
this pull request
Mar 7, 2024
PR-URL: #51917 Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Geoffrey Booth <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
richardlau
pushed a commit
that referenced
this pull request
Mar 25, 2024
PR-URL: #51917 Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Geoffrey Booth <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
richardlau
pushed a commit
that referenced
this pull request
Mar 25, 2024
PR-URL: #51917 Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Geoffrey Booth <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
Merged
rdw-msft
pushed a commit
to rdw-msft/node
that referenced
this pull request
Mar 26, 2024
PR-URL: nodejs#51917 Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Geoffrey Booth <[email protected]> Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs: #51886 (comment)