Session Proposal: Node.js | Let's automate Node's dependency updates! about summit HOT 9 CLOSED

Hey Marco 👋 thank you for submitting a Collab Summit Session.

This talk sounds like it is targeted at Node.js's end-users and not at contributors and maintainers of Node.js. Even tho if that's not the case, the talk doesn't seem to fit the Collab Summit's model.

I'm afraid we will not be able to proceed with this talk on our agenda.

from summit.

@ovflowd This is related to work in the Node.js project. Node.js includes dependencies and this topic is related to automating how the Node.js projects updates those depdendencies. High level tracking/discussion is in - nodejs/security-wg#828

from summit.

If that's the case, then that's something completely different! You could have explained it to me @marco-ippolito and not simply blindly accepted my closure of the issue 🙈

Thanks, @mhdawson for noticing this 🙇

from summit.

FYI: This session got approved and added to our agenda ✅ 🎉

from summit.

re-opening for some additional discussion as my take is that it could be a way to encourage additional people to help out with working through the list that we need to automate and could fit the summit model in that context. @marco-ippolito is that what you had in mind?

from summit.

Yes I wanted to talk about the work we did in the security working group for the dependency update automation and explain why it is important, and maybe gather more people 😁

from summit.

@marco-ippolito We usually try to make collab summit sessions not only informative, but also about actionable topics. Is this expected to still be actionable for contributors after the collab summit? Based on the list in nodejs/security-wg#828, it looks like most Node.js dependency updates are automated already, and the remaining ones are either close to being automated (ngtcp2, zlib, googletest, ...) or unlikely to be fully automated in the near future due to the amount of manual work that is usually required (V8).

from summit.

@tniessen you are correct, there has been a lot of work in past months so there are only few dependencies left to automate.
It's my first time submitting a proposal for the collab summit so please forgive me if my proposal is not aligned with the scope.

from summit.

I assume that sessions that mostly review existing work are still in scope; #346 and #355 sound like they are mostly going to go over existing work, too.

from summit.