Skip to content

Blog: Add hackerone new policy#8559

Merged
mcollina merged 4 commits intomainfrom
add-hackerone-new-policy
Jan 21, 2026
Merged

Blog: Add hackerone new policy#8559
mcollina merged 4 commits intomainfrom
add-hackerone-new-policy

Conversation

@RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Jan 21, 2026

cc: @nodejs/tsc @nodejs/security-release

@RafaelGSS RafaelGSS requested a review from a team as a code owner January 21, 2026 14:06
Copilot AI review requested due to automatic review settings January 21, 2026 14:06
@vercel
Copy link

vercel bot commented Jan 21, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
nodejs-org Ready Ready Preview Jan 21, 2026 2:07pm

Request Review

@github-actions
Copy link
Contributor

github-actions bot commented Jan 21, 2026

👋 Codeowner Review Request

The following codeowners have been identified for the changed files:

Team reviewers: @nodejs/releasers

Please review the changes when you have a chance. Thank you! 🙏

Copilot AI reviewed Jan 21, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a blog post announcing a new policy requiring HackerOne Signal score of 1.0 or higher for submitting vulnerability reports to the Node.js project. The policy aims to reduce the burden of low-quality reports on the security team.

Changes:

  • New blog post announcing HackerOne Signal requirement for vulnerability submissions
  • Explains rationale (increase in low-quality reports) and alternative contact methods for researchers below the threshold

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov
Copy link

codecov bot commented Jan 21, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.01%. Comparing base (46e0f2b) to head (68e6d6c).
⚠️ Report is 3 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #8559   +/-   ##
=======================================
  Coverage   75.01%   75.01%           
=======================================
  Files         103      103           
  Lines        9036     9037    +1     
  Branches      311      311           
=======================================
+ Hits         6778     6779    +1     
  Misses       2256     2256           
  Partials        2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@RafaelGSS RafaelGSS added the github_actions:pull-request Trigger Pull Request Checks label Jan 21, 2026
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Jan 21, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 21, 2026
edited
Loading

Lighthouse Results

URL Performance Accessibility Best Practices SEO Report
/en 🟢 99 🟢 96 🟢 100 🟢 100 🔗
/en/about 🟢 100 🟢 97 🟢 100 🟠 88 🔗
/en/about/previous-releases 🟢 98 🟢 100 🟢 100 🟢 100 🔗
/en/download 🟢 98 🟢 100 🟢 100 🟢 100 🔗
/en/download/archive/current 🟢 99 🟢 100 🟢 96 🟢 100 🔗
/en/blog 🟢 100 🟢 100 🟢 96 🟢 100 🔗

@github-actions
Copy link
Contributor

github-actions bot commented Jan 21, 2026

📦 Build Size Comparison

Summary

Metric Value
Old Total Size 3.74 MB
New Total Size 3.74 MB
Delta 243.00 B (+0.01%)

Changes

➕ Added Assets (1)
Name Size
.next/static/chunks/d10793e1cd3f5cc9.js 205.74 KB
➖ Removed Assets (1)
Name Size
.next/static/chunks/a7e5710a8b3c21a4.js 205.50 KB

@RafaelGSS
Copy link
Member Author

RafaelGSS commented Jan 21, 2026

Let's just make sure @mcollina checks it before landing

@RafaelGSS RafaelGSS requested a review from mcollina January 21, 2026 17:37
mcollina
mcollina approved these changes Jan 21, 2026
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcollina mcollina added this pull request to the merge queue Jan 21, 2026
Merged via the queue into main with commit dbf3711 Jan 21, 2026
23 checks passed
@mcollina mcollina deleted the add-hackerone-new-policy branch January 21, 2026 21:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mcollina mcollina mcollina approved these changes

@UlisesGascon UlisesGascon UlisesGascon approved these changes

@richardlau richardlau richardlau approved these changes

@BridgeAR BridgeAR BridgeAR approved these changes

@aymen94 aymen94 aymen94 approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@avivkeller avivkeller avivkeller approved these changes

@bjohansebas bjohansebas bjohansebas approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@RafaelGSS @mcollina @UlisesGascon @richardlau @BridgeAR @aymen94 @marco-ippolito @avivkeller @bjohansebas