From 9e83c00e0bfa02ba10f8a2115ea6766e4f4c849e Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Fri, 16 Sep 2022 18:32:11 -0300 Subject: [PATCH] doc: mention where to push security commits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/44691 Reviewed-By: Danielle Adams Reviewed-By: Michaƫl Zasso Reviewed-By: Myles Borins --- doc/contributing/releases.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/contributing/releases.md b/doc/contributing/releases.md index 8ca866cb595c9f..76a4cdd5fb16a1 100644 --- a/doc/contributing/releases.md +++ b/doc/contributing/releases.md @@ -263,6 +263,19 @@ branch. $ git checkout -b v1.2.3-proposal upstream/v1.x-staging ``` +
+Security release + +When performing Security Releases, the `vN.x.x-proposal` branch should be +branched off of `vN.x`. + +```console +$ git checkout -b v1.2.3-proposal upstream/v1.x +git cherry-pick ... # cherry-pick nodejs-private PR commits directly into the proposal +``` + +
+ ### 3. Update `src/node_version.h` Set the version for the proposed release using the following macros, which are @@ -458,6 +471,9 @@ Notable changes: PR-URL: TBD ``` +**Note**: Ensure to push the proposal branch to the nodejs-private repository. +Otherwise, you will leak the commits before the security release. + ### 6. Propose release on GitHub