From 97a9c9624de97f49952aefd8ebe17307026c3ccd Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Wed, 16 Apr 2025 03:03:56 -0300
Subject: [PATCH 1/9] Blog: add update to Security CI incident

Co-Authored-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Co-Authored-By: Richard Lau <rlau@redhat.com>
Co-Authored-By: Matteo Collina <matteo.collina@gmail.com>
---
 .../vulnerability/march-2025-ci-incident.md   | 66 ++++++++++++++++++-
 .../example_attack_test_infra.svg             |  4 ++
 .../blog/vulnerability/example_test_infra.svg |  4 ++
 3 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 apps/site/public/static/images/blog/vulnerability/example_attack_test_infra.svg
 create mode 100644 apps/site/public/static/images/blog/vulnerability/example_test_infra.svg

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index 635daabd05051..ef8aba8298892 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -1,13 +1,72 @@
 ---
-date: '2025-03-31T16:30:00.617Z'
+date: '2025-04-17T16:30:00.617Z'
 category: vulnerability
 title: Node.js Test CI Security Incident
 layout: blog-post
 author: Node.js Technical Steering Committee
 ---
 
-On March 21st, the Node.js project received a security report regarding our development infrastructure via [our bug bounty program](https://hackerone.com/nodejs). We immediately restricted access while implementing corrective actions.
+# _(Update 16-April-2025)_ Node.js Test CI Security Incident – Full Disclosure
+
+## **Summary**
+
+On March 21, 2025, we received a [security report via HackerOne](https://hackerone.com/reports/3050534) (link restricted at time of writing), detailing a successful compromise of several Node.js test CI hosts.
+
+According to the HackerOne report, the exploit proceeded as follows:
+
+1. Submit a valid pull request to nodejs/node.
+2. Wait for a maintainer to add the `request-ci` label (this label is added to every pull request with non-documentation changes).
+3. After approval, update the pull request using an outdated Git commit timestamp.
+4. When Jenkins pipelines trigger, they fetch and execute code from the forked pull request.
+5. Attain code execution on Node.js Jenkins agents.
+
+Upon review, we identified that the `request-ci` label step simplifies but is **not required** to carry out the attack. A similar attack could be used against the `commit-queue` label, thus potentially allowing an attacker to land an unauthorized code change.
+
+The core issue stems from a Time-of-Check-Time-of-Use (TOCTOU) vulnerability between initiating a CI build and the moment the Jenkins job checks out the code. Previously, CI jobs used Git references (`refs/pull/<pr_id>/head`), which attackers can alter after triggering the CI. Importantly, the collaborator initiating the CI build did nothing wrong—the pull request appeared safe when CI was triggered.
+
+![Example of workflow for starting Jenkins CI on a Github Pull Request][example_test_infra]
+
+![Example of attack in the Node.js test infra][example_attack_test_Infra]
+
+## **Remediation**
+
+In response to this security incident, the Node.js security team took measures to mitigate risks and secure the infrastructure.
+
+- Immediately upon confirmation of the vulnerability, access to initiate new Jenkins CI runs was restricted to prevent further compromise while the team validated the report.
+- All compromised hosts (24 machines) were swiftly identified, removed from Jenkins, and rebuilt to eliminate any potential residual risk left over from the initial ingress.
+- Security improvements were implemented in Jenkins jobs to validate commit SHAs, ensuring jobs only executed trusted and verified code.
+- `request-ci` and `commit-queue` labels now act relying on validated commit SHAs instead of comparing dates.
+- Comprehensive audits were carried out across 140 Jenkins jobs, prioritizing frequently used ones, to detect and remediate vulnerabilities.
+- Identified vulnerable GitHub workflows were temporarily disabled, promptly patched, and re-enabled with enhanced security measures.
 
+These targeted actions significantly strengthened the security posture of our CI infrastructure, preventing the recurrence of similar potential
+intrusions and ensuring safe operations moving forward.
+
+## **Timeline**
+
+- **Friday, 21 March 2025**: Report received on Hackerone. Initial triage confirmed the report as a genuine issue. The ability to start new Jenkins CI runs was restricted to prevent any further machine compromises.
+- **Monday, 24 March 2025:** All compromised machines (totalling 24\) were identified and removed from Jenkins (pending a complete rebuild). Initial attempts to evaluate all 140 jobs defined in our Jenkins instance for vulnerability. Work started on updating the most often used vulnerable jobs to take an expected commit SHA and only proceed if the SHA of the code checked out on the machine matches.
+- **Tuesday, 25 March 2025:** Some affected hosts rebuilt. The updated jobs failed on macOS and were investigated and updated again.
+- **Wednesday, 26 March 2025**: More jobs updated and affected hosts rebuilt. Some GitHub workflows also identified as being vulnerable to similar attacks and disabled.
+- **Thursday, 27 March 2025**: Validation logic in the updated jobs tweaked again to allow daily testing on non-pull request branches. Decision taken to disable all remaining jobs that had not been evaluated for the vulnerability or identified as needing the fix applied. More machines rebuilt.
+- **Friday 28 March 2025:** Ability to start jobs on Jenkins was reenabled for Node.js collaborators. Some lesser used jobs are still disabled. GitHub workflows patched and re-enabled.
+- **Wednesday, 2 April 2025**: More machines rebuilt.
+- **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
+
+## **Security vs. Developer Experience**
+
+Over 100 volunteers maintain the Node.js project. Our processes aim to streamline CI initiation and verification of contributions across approximately 100 Jenkins runners spanning multiple operating systems and CPU architectures.
+The existing CI system design anticipates potential compromises, recognizing the need to balance security with developer convenience.
+
+## **Volunteer Organization**
+
+As a volunteer-driven organization, such security incidents significantly disrupt our operational capabilities. We **strongly** **recommend** that security researchers **avoid** unauthorized attempts to breach our systems. Instead, please coordinate responsibly through our official HackerOne program.
+
+---
+
+# Node.js Test CI Security Incident – Notice
+
+On March 21st, the Node.js project received a security report regarding our development infrastructure via [our bug bounty program](https://hackerone.com/nodejs). We immediately restricted access while implementing corrective actions.
 The reported issue did not impact the Node.js runtime and there is no risk to users of Node.js. No action by Node.js users is required.
 
 The development infrastructure is expected to be available to the community by April 15 or sooner.
@@ -19,3 +78,6 @@ A full report of this incident will be available forthcoming. We appreciate the
 The current Node.js security policy can be found at [https://nodejs.org/security/](/security/). Please follow the process outlined in <https://github.com/nodejs/node/security/policy> if you wish to report a vulnerability in Node.js.
 
 Subscribe to the low-volume announcement-only nodejs-sec mailing list at <https://groups.google.com/forum/#!forum/nodejs-sec> to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.
+
+[example_test_infra]: /static/images/blog/vulnerability/example_test_infra.svg
+[example_attack_test_Infra]: /static/images/blog/vulnerability/example_attack_test_infra.svg
diff --git a/apps/site/public/static/images/blog/vulnerability/example_attack_test_infra.svg b/apps/site/public/static/images/blog/vulnerability/example_attack_test_infra.svg
new file mode 100644
index 0000000000000..18edfa7801ac1
--- /dev/null
+++ b/apps/site/public/static/images/blog/vulnerability/example_attack_test_infra.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 711.40625 643.90234375" width="1422.8125" height="1287.8046875"><!-- svg-source:excalidraw --><metadata></metadata><defs><style class="style-fonts">
+      @font-face { font-family: Virgil; src: url(data:font/woff2;base64,d09GMgABAAAAAB+EAAsAAAAAMiAAAB80AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmAAgSwRCArZXMI2C2oAATYCJAOBUAQgBYMcByAbTyWjoobSXgxkf3nAHSZfuEe4RFEoEYZCwUymRDMGJbtZXWuo4A+Xxi/whOuC/djl/QhJZofn5/Z/zr27d5n0go3IMaJ0FdSIEZUCgoUoWIFRQVq8wIrvF6ufvgqMfsHz/xy1+9+0rrishI1GCQ1ZHkgn84A7XlRY739z2r+9lbZXkmNn2gFD0gHMtA+A2+a8k8+Pln+xbbbtVnbsYDsxJSkMpMDDnQcsWx/yXyAgtRD//0+nJd12Uit7kctjfn2y64OumWnntyRw7IDAFGfBdngxcASjkc//3G95r35Rw6XplUMihEYkpUnmaE4tkyTwndGTpkBXQFQf9QVWAycmDGHLics4VYlqO6knpJhS01lqJiQbZ7cbnVyeXYpb+btAj8dX6ggQYpnlMAB5SSYA4pQCBWCxEJ+dAGwD6Z6LAgCCZ7OeTCagIdaxaPtfCOt4pg0AzOclAj/yN+BLLQVQAV6hhPVlgnV2KbECUrxfxkuQEGpaJjZ2DtkKNGjT0Vm9GkB5WM8iQYrMlSJNv+F+euaxe+664rJLLjrvnDO+6WEPugeCJCwpjoYOVw5pppgX8+xHLWlDLwI2RhEtnC1ZdBZYPI5MVt60N95PNQ+Ol3c+c9Jh5nmi3n1pQn5JYVmhIiBKUpuclJanq1DG8PyEIRlKYXamQeQq9E6U2U0uYn9mwLLEHh2v6XV4i7Kt1VVfnksY9PqqpoxygYLRDeuxsJKWtMSeyT4x1GKXhRSRGoovuK6LhVUnTiZ7ckKPcAiBgkIUISPkuoESHyDjqbqlukMsgDBsx/4YXKJ8wHCMMOQc6s09jPVUqrwYhiGHyFOkRYotxSbHTepzv+opF5N0RKr2MFPUsoI16fd6TN/DIbm+YhVs+z5HZljLPhAMb4XuNqHNiAy1eAbjLRrgeExn9qjaZ+MXTqsUuCSZGaDcLrUt+cZTWX3KLmZs7GxfTITJq6JkE2CaAgJ6nudRrur/T2qKY2SGrLl5joGQ8oaCZVTUbFLKkaHGU1NVV7f2p0ESUMeymnX3YtuE4zDVYkDO+SL3uAf5nj595fn+B6cByr9O/8WqmKUocgfugFDkRq7rBpCU0B4974B+Crhj58g8X3p0Ond725CGS/y7jMwz7ef+oxeELbzyJ8umFiiwGew1VZ/r9deI4ybA3OEVlRpzENmGChRKIbfbHMfNuTBa0+L7thl6up9ufKV1Ru1cmLfBcIAHB4A/gVF7lzuv87XIjXv3DN2jY0cwDDQlNFz2YW1ZKIThfBFCHHBmxTKFOoEP2KVRvtTm/jw+cXmC5xN29qb/MC5gImqN9ysRwDGMhdJiVYHwPHkZKV+J0YK2mbZ7Z9OxZ4cxmHGY8lWwrEkEpFNheEJoAQZgH03+8l4+4R4k2cZ3C3L3boXbhvJ6M1f9npzgEWu3XfarZxhIqyD1P+tl3UE/zaf4zuDBUZIcvvkmCC+lX0XvN5ZjJuqFXn70slPgkiTTatbFRFPXdV+92NGNhurrnpqpPnfV3qQkCZsz2E5+ZHKyjaXyLt5ZIR6GlI/AAcUOREooHgZKhcNKyjFsJ5tkV0tM3EInCXDMQ4ii6MWG3D8QJQTWEeGkkrghBYAwEyY+flzAMf2mpAj5FOtLZy71PtiW07+bkm0MBA418gEfWNIBx0g88lOe/VvCRH83AayiAyggF6bZgeBOZJvemonmiLLKXzlEyANYezG3R8b6pD9l3GqM2FnpM91Xfd1V9YZTlZMFQNEuKBfDiXV6VDFhjfTM5Pyi0lAUFVfi5bYAWgnagJxD8Eppfr1TsUwaTY+RGSM6YOUEHzuVFZZpMmIVCSWhshCHtDEMOV9cRMY0cAuR4UpXFHHZLyiXNEcQacYQdZ7PGngH0awU3Mkfw+xSRzeYL/sW2Rsj0ioyC6JGg2Xq2V5urBuM2ENGoJzuqRswsIvDYu52gcWqhw9gTcM0NF0JIVrNsijJCnH6DI60N8+hR0f/TnOdc11TBly9DYMbXu76XdqOBVgwuhqU11Jj/IbIDWlk0sAaO8WgQC5pPVBEJHta5daIQURaNCCUkWShUJMeEEoVjGm5fqsqdSY99Ved9EGG9qfFHWByA7KSnaIVQgGquD7bye7JnmS6b2w41QNNCVAc0PcVW+wKeFTKbR4212ma67jqL0PsdzQbIzJ6r9bkbwbeRcqsX1OqNSXSUEFV+QSv2AQ2Nu87OSaKcgOSHA7KQ7l2i433f31Ub3rT/PkFMi9iquThjnYA6HO/2pfGxnxJR0ZqhASLcIFrgd4euD5MZnaEObt5NDi7RKCtXiR0Vzmw99TG4dJcJR1JpGOQOsPRmC5y28Qc/TagqHHXkBfOPjGyH60hOR4CeZdwTcrWFPJFS4R8LMAbvmZo2aCDcn9QUB0fcJHuvT7Kp/5SaqQtJpXDCpxsbzvju/ZvWiAzq9aIJWVkpRgf2DPdqXE6YttlKu++BZkcP9fTnDothlPpuewF2MYySva5Lf9x/sHff0iBr0xsEyMOQ8gF2IGX7Gak5uNiV9z4RVYl3ftO9+s6U3dYRti58VudjealsWwnDKLIAVkl+WRKASfIoVw0zRgFWDfExDSR7JSHJTTyNL/Ekuq8piWTVotJQmhNw9vtu3O7v1LYPLQKDEy2ExYJFDKGomSZrrtq+sJ2mdYAVxY0JS7gw2LnBRCZm+762XxPVphy02s21K1XmguhPBxSPjqiTHmDCYby8PABKVg1Gj2nHzf2E3Za9JDoHXoqIMPsIh0OCAGmMKMcDz0k6Gg+n31td1zIq1rq/e5E22G+OfaaXpe6ls6pHuFtMryTFZJykTgiWWNhcuauuPzH5YoootBiZOhoXhz5Nflx32m8/0W7RGX+djDFk5kjuxhONq36BZIll9ASY0RABQs+FW9JYUeULGJyW/GQSsrh/DVfznsCNXGMjIom7KPZenpRTA0p35rV7PPwLFghRHgupxvDNguJfErEiy9MkDlCwZPR5cKqHkyIzPAr1P5JnvN8ih/cdp315XE6e45hjiIXXEvKHR0SGrgE1DkHvGF47MW0Pcr/McTg/H7zuq173vWOn1YvDGobLJPn1OgmDKe6QrM8C3iq1gR4b54Vk9tpyepIklwiHsTciMzfobufPbRLZD5Ezqv9R688l5Vqd1Aeno7BhB59QnkL8oO0pNoB2azszj2g4CUNxPvu2N1Pq77MOf+9qHgMvx0su4cYWGNtdDK1qUuvzzKHdgkFPsEVRc3GQvNIaZE3k7WMJP5cMWUujmaXUsHwejTJPU3zWuPTcJx218SbOTIfjxDDi2qdmk6SE7b9TthwiXfwJj4Ox7aV07qsAqEoWlrCp3NpPh5mzLO0pHiNqWunI0s2mc7VVLK0t8HGGKx5lk03ifTooM9prqcq55RzuzwoWrbmWeXXKaX+gu/gC2RM75zSzeYgD4FfU4A6jvUp7cHAAlbdk+6ITnAUm7f38om+fGEfw2sq4Bz47RMgd+EhUmCQv9b70yEBvYUFSIRmYRcTE83fVMZDvfdV/lMqYDKjsJTYo23drDdYX97K9Sw3fE6CAXJ1Q2WKF4p8ocJQPszO1I0I7+R99vSaK7kfGVlyREZa9BIFEORbP9Cy+yXneSk1sgoVVCdYIartK8i5/7eP/r71L+LNq9FgQFRIy5yW63/J9heha6QOYGwEO8rzGo/I7qn6e+3CDjLvlz/s/cJwUO1RjQIltIk506fXq5YhE2fSbk8Xq7qqOh2SKB6x/R+TxJH9RoLBshK+dT2EGRAPw2czXj1HTkWGs4Obzhtycv3/ZzMMZUUekGL/A1oJOh1CESCt0d1mvXYezzyfHOv7VnHRa40k23Lm5cdz8XFqaRjSUudm17ulpgjDVPhk9CmY8n4oDqh+wH5Wj2ZEuupnGAbfWWiFzv7sJS6ZphfSBD0iUEiiR0z+ZDIaMTESS1iiNbdQRw9UR0kAQxQZkqeux106oqbqe3Um+/tsH0P2Wr0Jxu4In6KTv731Kq09fyqyLfWmF1MXGxNhABhyb0b4KuA/7ZjoRxb5hHMzslmsaUnpBS3J5QT5IppNOWl6heeTXec0fzAeYnSEnVr/0Sv7GJ6rr1TAIb/Je3FedysMITrQkvZKgQKfa3FSdV2VFju+os3N6ATDtLRecYYTD5u094KCBiFacuFnkJWSeczHYQjok93sud3fs9OBGN84ys4X1Y4+m1J7asaUvSblHvv41Gc748qwQBkBF1cnSeXdeXHgVfkbfiNSy52CujgcrUzKwCK0MkvcwvlVmKQ/vYtjtJjiu10jzSl/1+qr2O1Y3IgkRXWhm5U3r4BeHNO9swfizdkPw+fT9W6zr4rq8zkZMdnEnNL5ipKKJkp8pzzH4MhotNHaYLpVyzEdWAZBEom1YEAK1uwzeV4qNFDUhcQMOFSQT1WjxqOjo/UJ10vne1/60Was3WbIhezUb0rrfWn0MZChhqXVueRnSxJvGRzf600msorK3yVencyi7+L+IbIrrsTtZS02cZFO7QOXK1Sia3pLEE6lOvt1hn5Yeb8P/fUendzHguI2oYv/d16kGyuzlhcyipvbUr3kDGuZC+4dQkzXOgMXB6GdnYnScW/9DtJ3Tapks5KffpRsA5iNEIU/IIncp3FSSdI80g72hd42jlugK/lPOhqOGAlbt3Mcs9awKW1487bj/thYKtjiTrp7ec7SQNAdvfRF3PNAchsvhKNyZLxLScYRGA0R11rT6a4zzGEpx3lP/QiVeIh8I1ESvVKYK9bDL1k+yBAKQfEmCmS11QrKyCF6PwR1yg0MqFH13qPQGgAPF1reCHkfsOU/3SzctqP4bNZ35V0rBYVeyy8ZnrM3HAAGkSAOdpT8qOhLohYUnOV3bakDx+as++3+yKp/3bVTNyc42JndSOoSTgrp7kiA3ZK9b82bsq4FSYQRVVNwU7t+E6CA8gQFleflJEr/i8Z7I0jtCIPOlMEiCkJjEmoZ9Hy0wtpBoHF/gwY45o6AnBV3nrQTq/Bhd7QzdhpFJx8gbpoqakqvW99dy4UCKIcqcYpWEzoqDyqS/paSLo56TgZt9OoZslQf3c3yzjtdq8/rWOo098ojsWJiyapx9vQGe2wqXnDzyoYjw/Am32tn7F9fDIsI32Uc40pYEKVdEDjJboAmJ8rlo9Keyz3SVnaGtf0QP8VAo/tvH+ljIRAnCS29I1LaFLr3TJPpYw0Wee3UqVMFhlG8FJO6qx7oW1qoHsP5TdyfRmdEp1Uy2xrW0XhPwC+ZlDUOuMowX7CeR6W9xENOlZbuZe2Tce238jPet25/uyXAqP/Ey4XdsKGxC+WNAhyziZgydxxCpNh5PQPhrDg7Tw6pcP+PwaoEthUjpXE3XN7NoI/8NsVKG7/QCfQI3ijWtdwbLg0OBBmBnyT6x8FZjSD/pS5b61rRgjdiONLGIiAvJcaP9bO8ZlxKItCQb50r9WwWgLeGjZVpi/LG2ZTc3/96b8xel2gP1da79gE0BV+FchkmR4fT1OSuOBEa2+M9fkLn2MKvAo7S24NIv70pZWgIx9itn7MrKCaEIiSdMZPPQSCLF9q9BqOeuFB3ftSL5ysY85MdphSTTHOy4IH5+c0HhedfaD1K2YuZnu0m+ivSSTfTV/atlPLJIRyTg4glK20ZJb059a5EQ/hXUDsZZhN0XGu9TUEGlXg2xiXpCSQMcvECpBQrUL3ANAYF+RjLPM7/Zd9w35kjvc7bwhRr1q67jqkjLu5QygcaCCbhLr1g+J8yIhaHE5ESpNzHH813NTD7Kf1j+rP/qwh/mDKTcK9VmOSyk/KuY49yn3K2haBN4CDkcCq7PwHtZ3NAaSuOJaJpzNs/T+7cu3wpc7zwctbOrrrk33n/OdwufHEI0J/+YsO/3S2xtaUQxTeHmE6rhdMyYu6eGzyxN83eS79uKlmKdK+/pk4oJRdyC8lInZvMQKQ6hTspf/+pkNH0sFciRwvZxB8ceP5VosvhfXN2xPPwPFD6tQ7r9LxmovBIBWMt6koZvxur9BPZp7KkuZMzg6hZMAUZQ7m7WO+daptJDLJZ4g4NkH6CQ9LxwadA1xmoRRiUU2X3jCh1Ehy8CFEko8EFJjHIRhefJO6UQTHeTbbL0ULwe4VTWsA+9kkjs8nyA4NkoJQy2cMJoaRQv6JZ8XzASm8c2OK/PU15Y/lzkfVpyp0K+eAEzkWdQ1CWnoVCA+wW/9ZI0uAE5JK9ls6GK8+EHSB6Lyx62MzDgtFgjF/ssQb4bouYDpwWEBgYHmhgNZ75uXRySIko1TcLXdH/QCSXYiLkCT+NbYTiIijbjxCUO7a4EH0tso2hbDYHssRp/AmNc9fypchAEyr4PjSgqFzayno5W1rmB3SEOc4yyiKLxCFUnk+RPUpmaLSvHWUgWXmAW7Q+gJg+BbCUYKOlKre+JVOqDQ+Khmu73PP5/lNjGsApyWX0bkghf/aaju2JcbJUEt+Qq+f2ffOSSrxjnn8Bme4pn3wRbd7roclci2cKGgWA0LxiO2uX8ThZA8FAN7EmYquAgJlj4PjLqzb7B2C1qkXZyFSEFNQ3z++ch95WY7V/mAPNtlD+FNqyIv6LeH6bYsa6KYUK3aVsrvVbTuZk/lLSot++m7QU4ZtRLIFEjJJB2YzFJydtLFj5QmEcP/XTUs/r0pbkXmThLcFoNlmB2WRDmMvMP4DfIjdL8dRuX5gn6OrLErjiekOgBgaS+JkQhQAGQLcCqaU8LyEgxSPeNL8+nJvn1dvkHoEiagNS0dE19kbBUBivF303Vai87mIY98tIXN7hHNyoqIF79qf3J/jzN6sTgPdtm8vS+B+RVO+THZGRYc70EccmB74Jr+MWey7zM+Xzh+JAhunjy8ui0gad5xKVKD5GCMR0XB23AgHteQFQ1/WZ4mImclrYLzXvzrYJewAVmJJjj7I9VwbtJGi/C5M9BzTnYqC4ejSWd6TNof2L4FOkGimPw+wyOzZblh3gMIc9cGUeGvr06/wQ6kMdNhvP7J1sN08yzAccCMXlXRjLx9jKuhP2+MdKh70l3vSZKzn/71rJzUi++Ma/9O3yA0EzfB/7q3Qc+m0apYnQz8USwyRSnheXM0pJI+aQzgHKFFbgd4q1SnjgrUIDbeRfl69NNSoddV7TYpn3Nvc32YPhNPTE80VdZtC88rPu9OriXg0VW96L5EI7tzL4yPTQkQRXCn56Y5xHy/IwdWJP/jttbF1ZHWxBEqV7D+SAuHhGbrA9DSTBmU3u/3XL+MxYt8/FPmtThblEDVbWg25rZGGNFAv8zkbww00SDxJcz2rc3kjbTeNimpca7FdiBrhBopA37EBFs6SjrPM6vaoMJmJcwmUQswaVNypQn3DVwr/G3rcp+bqPT8hEit3D1iuv/+Wqj/TnPlp4/dTy8qc+y3bKZtiESJIvl42Moet8CE0LfJwYjsBCf+9lrUveVSxg6AfbhCNy1zOJItdvudmF+EKwii1hfyfbHkahtepT6G4u3uR4T2k7TJvpkx/+Zi5DlBxcv+H/0ktOn9HhdFXNf/SNs5LrkVutAYc1niXNXOTPUEHDvBGVp3eeh4eMo4V7e9ylo5mVSziEjo0flA447BX4fAtY5cLl5whAxQ02W6YHe9z3X7DdiODHyQVsI5OKUorWOtHJ9jSfb5rOM3oMsSE6rVfifyuVy8MOdl6+uP9AOS8QbR0t4FYeu0Wj1lUBYjz7WsqLpXQbPXdSY+bo145WeLqP7NgineFc0rlKiXPH+kv6GGJKI+VFc5d6efKe/7ExnF5YVj2xtjE1tqe8b3PLzLTZit6ejnrZZ10aW088W2REMGpd0cBH7PUrusftX1b49GwWitEO16aVn+azDIelQKhzuuaAwZiJijdirweY9lHmVj6eUy7eiTjE0fQyM9ufVo6pUQyp7TpIsmNdrC9YOIm2EKxd1rrDWmrY9lIrUiypvp/k4PtCX+NJ/1LpCgsziciu2hB57fE0ZVle6I7Q1tJPy1kHEO8YuEVE61YUx+iUc9PLffnOnux7cHqZBZ1KDLURVH2ZQ40EIAw/SXHh/0nnVz9mr6W4TmDMea6shSSdGEXfaQjJONuywSPQLo1sXLA2PrQQlpp9bIHkXGip1ZAjBxUTRgb4bEhhD3UM7+Nx9UNryxIA80z9sm5BgdfPmouS8nr1xTF08Ieo0N2/NL1qvV0bjxb57Xofu62OM9Wp7BIW+8vbkhu1XFuRxz+fAXaASE6a05lI0+5EKMMpwZLhMhWwN45IhB+qI4xbBBDtgAJS4Wb6zG5i7ImJFJe4ACETr8fltBpPjwRPDUDikKAMVxeNzf23MCLWv953BLf/zbsYHa8yW89epCsvPzzyCU8G5a7mHIdLOTqeY/InpGfow4WhP0hxpQSSKZrWbC3aJ0ADVwb0EYtOkuWRuh3LLvwozkDtwVa5V96vXg2dfP6LuYRukgyqab4al3f7kkXOD8phOEgkd+7N4s+SebCWRw/hsECIU3Oo3MH/uHy4HxriNZn5JcMKs4SMyQ5c21X2V5rIEK1xlGYkeP58wc7oYVRduLyGm3Fr7WQ/8IbvUsPfphA6tZEwUqTrLCrxcYJkxcd53T6dfI4exD8uEnJGDSs/SFFgZeNxk6MYrVZqTEhw3LxoCyUmNf1sYoQZ4CTa6Ngx48tJVkNMjPVA+Sn2I0+xjlfgsWgTynoZPKSd62kiUghukZVGvyWs+bij/bH/zxyuKSK7bqPGCUT/MepTE2qtpNPuUgUrORtDPVECPUgVjMRx0BzEidwkiqLOaQb/Xcecu8gUbCeZi7e1Ti0XCCQWnkfmVtdMXzmPnU4lKW5bhCYKUw/o/vkvoH3F7tTDIZkZUewqSrsA8VnCIu+y/OJCtBMzic5uvyjO/59f13ArgCQNgkiQT7VuF6ADmdwuoLYb/p1/aIbAtJHoS1cPJccFSPzdVnybfFLA6Mmkw+o0i8fIIq/3DBU9l2E5xPj4fIMq6K5IkPRbdojPuTIFYe7xrESwZWl/CURICLl4Z9IM48UDqoBTVEqFm86Xiy0NPuaJaGuIObIOS/O2j1XrMG3wj3tobLwCxU0fz0yx5xUBPeVbPxbu12J0W5E5PtPI0D1EqgNBXD+VeoUIyNSADoGrB52Cmil0mMergjZ6lG/l2FZ650We8CLkT0oGjeIC/1cdrzJ9TrzjRRSUyWITOu4fXWUbI2XBjG/dNipo7WfS/qufLAyYjpSQlamGqezNSRyjDKri/+hDHqszqNWIEhgK5bpFhF2FnluQN9EC2grAZWojwlK4gYlN2w1feVipq90wNArFCCz9hPhstR+ZAltBRmVi+EPT3TEWaWf18ppBd7ODk4yehs6/iitxihOnvIKjzVUcsZiLSMB1bm21b9Wv7V/2rFPb5qsvqkyH1XUzXN+VNQaTfKu+sSb61U0M1vh5pwuskSYq48x6j9C0QH9BZPf6K3OkzFNHsGwXBSg2En6c/SFtBPFu9pAaicz4St/kyE73OdTI7tTYzlbYQEqvyDMGuRO5RVTk1dfxUYweIhaGTUSG900JKYj3hD3Ie8rL9sB+IKPWPFutjDJdTAtVocIg+1vGlFCnBzdIwZo7xxzqBW6T/dJrBF/bti+iM36beX8L0Bq5d+SRIb+57RrQUAX+faq2gC0JujL3uChT8U0XvE6r537K9UzFEAn6SjlkaLPwU3qw5Inh1i/3bvd8eDaUjBAoNGtuczz31gS7STJzJtg7CpPd4tL1WoKY7DZQ/Oi5PoqbSQsu51TATZWCXYFymFEO3yHKhwPa8d0HweyiDybWAGs51URTCPRHnZUT5JvBb+xD2rnG9qrpZkIr78jY+JNkTeG0iAR7k3gmdTxHfvOYHBL1JABWnDSR/ztMRAmFOxmST56Ifyk5vt7vTRQVx7KCI9Z0WhRP0J/uqW/CCo6A4qDjge+5UuXse0jTgkAaSkA85dFBPu+LP1P5tnfnpHOWbw7DUCA8LJ0o+ZFy+18tGudczfe4cvi17J/c+nuD3oX4fOlpXybuZ+3W2I35myx/6PawT8DV7DNK9tBJnRvrlchytchT4w7ai2nNtvNfO2lNN26Ij7Hcd5ZJcmq1RRSLsMub/aHLjPtNoIU0y4/9ZvupQ6G864N7CIbYJanTRa7ShE65X1wvoX8e/dAo6p+8FlIvzw1zpvxwvVqugPQPsjd3rF7ICpixvyQq+jPbebiquwrufPH23e9Xf58Jv67NeINCg+wgfndEt+6ZmKopsBTQ0DEC8IeBi5PtHVAyG3GHQzdv+xXzP3lGPzdRsxwlc6ELGqBnB2EmY8WLeyT46cTLv3gpBpW5CyCvXLOHKIXIC89e+4rApMNDAKyFWycW0f35U7D7N8G8R04UJDKc+bEveocxf3LyCDaWNj/1zRBBfDr4zS3C+BJE2n/myIOKB0bCOn4kr1ABa+7g3NxeqKdwQFQJZy0a0IgoGwqukQEA3cZGBxDN8AGCYc8BKp39gEAg+gDjzhVwAcDEqzSr2NFaAVKUlcOtUOTw/eGy4Ra0QT2xYLiUAnulO12MSpYkJqbNtTGbnCVmV74nDylFLYh5ccaLqJVeUulOqF6DRh2vUKV3V5pCzFsJH+ISKMEv7MU6BLI4aBV+4UzSfmFK0wWqpwygVaE0xecgUO1ateAXRQdVtkxA2TlcBm0CpZQFBUdhAAAAAA==); }</style></defs><rect x="0" y="0" width="711.40625" height="643.90234375" fill="#ffffff"></rect><g stroke-linecap="round" transform="translate(21.682389413152123 52.10168989925296) rotate(0 79.91932012384586 35.46484375)"><path d="M17.73 0 C62.99 2.29, 107.31 0.43, 142.11 0 M17.73 0 C60.18 -0.09, 102.36 0.03, 142.11 0 M142.11 0 C154.11 1.52, 161.44 7.82, 159.84 17.73 M142.11 0 C151.68 -0.02, 157.98 5.26, 159.84 17.73 M159.84 17.73 C161.69 29.2, 161.17 36.4, 159.84 53.2 M159.84 17.73 C160.79 25.47, 160.28 34.23, 159.84 53.2 M159.84 53.2 C160.73 66.55, 153.41 69.99, 142.11 70.93 M159.84 53.2 C161.71 64.42, 154.53 71.92, 142.11 70.93 M142.11 70.93 C107.68 69.64, 70.99 71.05, 17.73 70.93 M142.11 70.93 C97.71 71.62, 54.91 72.52, 17.73 70.93 M17.73 70.93 C5.61 69.45, -1.28 64.49, 0 53.2 M17.73 70.93 C6.7 69.26, -0.25 63.37, 0 53.2 M0 53.2 C1.06 41.07, 1.35 29.92, 0 17.73 M0 53.2 C-0.84 45.6, -0.1 37.84, 0 17.73 M0 17.73 C-1.17 5.89, 6.66 -1.61, 17.73 0 M0 17.73 C1.62 5.52, 4.4 -0.4, 17.73 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(53.76729791590515 74.41603417947022) rotate(0 47.83441162109375 13.15049946978263)"><text x="47.83441162109375" y="18.53694405260566" font-family="Virgil, Segoe UI Emoji" font-size="21.04079915165228px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">PR #XYZ</text></g><g stroke-linecap="round" transform="translate(273.55078125 11.94140625) rotate(0 82.9765625 82.9765625)"><path d="M46.22 9.06 C55.25 3.14, 68.41 0.56, 79.77 0.16 C91.13 -0.24, 103.81 2.69, 114.4 6.67 C124.98 10.65, 135.57 16.25, 143.3 24.03 C151.03 31.81, 157.08 42.67, 160.78 53.36 C164.48 64.05, 166.23 76.67, 165.5 88.15 C164.77 99.62, 161.43 112.1, 156.41 122.21 C151.39 132.31, 144.06 142.04, 135.36 148.78 C126.65 155.52, 115.32 159.94, 104.17 162.63 C93.01 165.33, 79.46 166.58, 68.42 164.96 C57.38 163.34, 47.31 159.11, 37.92 152.9 C28.53 146.69, 18.34 137.28, 12.07 127.7 C5.8 118.12, 1.69 106.66, 0.32 95.42 C-1.05 84.19, 0.8 71.06, 3.86 60.29 C6.91 49.52, 10.5 39.88, 18.65 30.81 C26.81 21.73, 45.73 10.21, 52.79 5.84 C59.86 1.47, 60.49 3.28, 61.05 4.59 M89.04 0.98 C99.9 0.87, 112.04 5.47, 121.76 10.7 C131.47 15.94, 140.39 23.37, 147.31 32.39 C154.23 41.42, 160.44 54.11, 163.28 64.84 C166.13 75.57, 166.51 86.02, 164.38 96.78 C162.25 107.54, 156.75 120.11, 150.52 129.4 C144.3 138.69, 136.48 146.73, 127.03 152.52 C117.59 158.31, 105.03 162.69, 93.86 164.14 C82.69 165.59, 70.78 164.13, 59.99 161.24 C49.2 158.35, 37.82 153.7, 29.11 146.77 C20.4 139.84, 12.59 130.13, 7.72 119.67 C2.84 109.2, 0.04 95.56, -0.14 83.96 C-0.32 72.37, 2.51 60.34, 6.63 50.1 C10.75 39.86, 16.51 30.24, 24.59 22.51 C32.66 14.79, 44.43 7.47, 55.06 3.76 C65.7 0.04, 82.62 0.74, 88.4 0.22 C94.17 -0.29, 89.49 -0.65, 89.7 0.68" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(303.7041132359773 44.74467872670061) rotate(0 52.649940490722656 50)"><text x="52.649940490722656" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Maintainer</text><text x="52.649940490722656" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">add</text><text x="52.649940490722656" y="67.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">'request'ci'</text><text x="52.649940490722656" y="92.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">label</text></g><g stroke-linecap="round"><g transform="translate(185.89453125 91.484375) rotate(0 39.58984375 3.224609375)"><path d="M0.44 0.04 C13.91 1.13, 66.59 5.41, 79.73 6.63 M-0.79 -0.98 C12.67 0.31, 65.84 7.18, 79.07 8.26" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(185.89453125 91.484375) rotate(0 39.58984375 3.224609375)"><path d="M78.86 6.82 L65.37 11.28 L66.05 1.23 L78.46 9.29" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M79.07 8.26 C76.17 10.01, 73.39 10.46, 64.88 13.09 M79.07 8.26 C73.04 10.21, 67.83 11.82, 64.88 13.09 M64.88 13.09 C66.45 10.39, 66.51 4.98, 66.24 0.49 M64.88 13.09 C65.74 9.56, 65.74 6.67, 66.24 0.49 M66.24 0.49 C70.02 4.42, 74.75 6.27, 79.07 8.26 M66.24 0.49 C70.89 3.26, 74.39 5.19, 79.07 8.26 M79.07 8.26 C79.07 8.26, 79.07 8.26, 79.07 8.26 M79.07 8.26 C79.07 8.26, 79.07 8.26, 79.07 8.26" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g stroke-linecap="round" transform="translate(524.35546875 10) rotate(0 88.525390625 88.525390625)"><path d="M111.25 22.25 C126.22 37.21, 142.1 53.6, 154.8 66.75 M111.25 22.25 C127.23 39.56, 145.1 57.4, 154.8 66.75 M154.8 66.75 C178.41 90.87, 178.45 90.35, 154.8 111.25 M154.8 66.75 C175.35 87.63, 177.49 91.22, 154.8 111.25 M154.8 111.25 C136.46 129.2, 122.2 144.68, 111.25 154.8 M154.8 111.25 C144.39 122.6, 132.89 133.31, 111.25 154.8 M111.25 154.8 C89.68 177.35, 87.29 175.4, 66.75 154.8 M111.25 154.8 C88.65 178.19, 88.05 178.2, 66.75 154.8 M66.75 154.8 C59.34 145.29, 46.62 135.2, 22.25 111.25 M66.75 154.8 C54.32 141.85, 42.51 129.75, 22.25 111.25 M22.25 111.25 C-0.19 89.74, -0.61 90.03, 22.25 66.75 M22.25 111.25 C-0.27 86.85, 0.61 86.97, 22.25 66.75 M22.25 66.75 C30.98 55.54, 42.44 47.41, 66.75 22.25 M22.25 66.75 C31.04 56.89, 40.87 47.79, 66.75 22.25 M66.75 22.25 C89.6 -0.1, 90.56 -0.97, 111.25 22.25 M66.75 22.25 C86.91 -1.99, 89.04 -0.57, 111.25 22.25" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(566.828125 57.83984375) rotate(0 47.12995910644531 37.5)"><text x="47.12995910644531" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Certify</text><text x="47.12995910644531" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Safer</text><text x="47.12995910644531" y="67.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">validation</text></g><g stroke-linecap="round"><g transform="translate(444.27424460169277 102.24994218182837) rotate(0 42.13419270342183 -0.8515859533799812)"><path d="M0.96 1.14 C14.79 0.71, 69.37 -1.18, 83.09 -1.71 M0.01 0.7 C14.18 0.39, 70.91 0.09, 85.19 -0.18" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(444.27424460169277 102.24994218182837) rotate(0 42.13419270342183 -0.8515859533799812)"><path d="M84.58 0.85 L71.43 4.44 L72.05 -8.13 L83.7 -0.74" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M85.19 -0.18 C82.49 0.47, 76.86 2.73, 71.67 6.31 M85.19 -0.18 C82.02 2.28, 78.36 3.85, 71.67 6.31 M71.67 6.31 C72.93 4.56, 70.69 1.05, 71.52 -6.37 M71.67 6.31 C71.41 2.91, 72.06 -0.06, 71.52 -6.37 M71.52 -6.37 C76.18 -3.81, 80.69 -3.59, 85.19 -0.18 M71.52 -6.37 C74.18 -4.71, 76.78 -3.69, 85.19 -0.18 M85.19 -0.18 C85.19 -0.18, 85.19 -0.18, 85.19 -0.18 M85.19 -0.18 C85.19 -0.18, 85.19 -0.18, 85.19 -0.18" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g transform="translate(446.3822326660156 69.37109375) rotate(0 37.359954833984375 12.5)"><text x="37.359954833984375" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">triggers</text></g><g transform="translate(34.25067138671875 302.05078125) rotate(0 65.13995361328125 25)"><text x="65.13995361328125" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">requested by</text><text x="65.13995361328125" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">a maintainer?</text></g><g stroke-linecap="round" transform="translate(16.921875 265.640625) rotate(0 83.70703125 60.78125)"><path d="M112.27 2.73 C123.28 4.57, 133.9 11.62, 142.48 18.12 C151.06 24.63, 159.83 33.43, 163.77 41.76 C167.7 50.1, 167.72 59.48, 166.08 68.14 C164.43 76.8, 160.11 86.4, 153.89 93.72 C147.68 101.05, 139.05 107.37, 128.79 112.08 C118.54 116.8, 104.56 120.97, 92.36 122.01 C80.15 123.06, 66.82 121.45, 55.56 118.35 C44.29 115.25, 33.24 109.64, 24.77 103.42 C16.3 97.2, 8.74 89.44, 4.73 81.02 C0.72 72.61, -0.53 61.75, 0.71 52.94 C1.94 44.12, 5.61 35.49, 12.14 28.13 C18.67 20.78, 29.39 13.58, 39.89 8.8 C50.38 4.02, 62.07 0.07, 75.09 -0.55 C88.11 -1.16, 109.82 3.6, 118.01 5.1 C126.19 6.6, 124.92 7.59, 124.21 8.44 M72.49 -0.54 C83.7 -2.6, 98.61 -1.35, 110.12 1.66 C121.63 4.67, 132.95 11.06, 141.55 17.5 C150.14 23.94, 157.46 32.41, 161.68 40.32 C165.91 48.23, 167.85 56.56, 166.88 64.96 C165.91 73.36, 162.25 83.05, 155.87 90.75 C149.48 98.45, 138.74 106.29, 128.55 111.16 C118.37 116.03, 106.71 118.73, 94.75 119.95 C82.79 121.18, 68.2 121.29, 56.79 118.53 C45.38 115.77, 34.7 109.54, 26.28 103.41 C17.87 97.28, 10.81 89.84, 6.33 81.76 C1.84 73.68, -1.42 63.52, -0.63 54.94 C0.16 46.35, 4.59 37.73, 11.06 30.23 C17.53 22.72, 27.74 14.97, 38.2 9.9 C48.66 4.83, 68.27 1.38, 73.83 -0.19 C79.38 -1.77, 71.52 -0.63, 71.51 0.44" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g stroke-linecap="round" transform="translate(216.125 267.1796875) rotate(0 83.70703125 60.78125)"><path d="M111.72 3.85 C123.01 6.12, 136.16 12.89, 144.58 19.21 C153.01 25.53, 158.66 33.52, 162.27 41.78 C165.87 50.04, 167.46 60.15, 166.21 68.77 C164.97 77.39, 161.35 86.04, 154.8 93.49 C148.25 100.93, 137.4 108.78, 126.9 113.45 C116.4 118.12, 103.69 120.81, 91.8 121.52 C79.9 122.23, 66.84 120.69, 55.53 117.69 C44.21 114.7, 32.41 109.97, 23.91 103.57 C15.41 97.17, 8.53 87.71, 4.52 79.3 C0.5 70.88, -1.74 61.73, -0.18 53.08 C1.38 44.43, 7.09 34.91, 13.88 27.4 C20.66 19.89, 30.29 12.57, 40.55 8.02 C50.8 3.46, 60.83 -0.02, 75.42 0.09 C90.02 0.2, 117.61 5.98, 128.12 8.68 C138.62 11.37, 139.36 15.31, 138.43 16.26 M54.33 2.61 C64.64 -0.94, 78.79 -0.33, 90.71 0.78 C102.64 1.89, 115.46 5.09, 125.87 9.24 C136.29 13.39, 146.34 18.71, 153.19 25.68 C160.05 32.64, 165.48 42.17, 167 51.04 C168.52 59.91, 166.07 70.48, 162.31 78.89 C158.55 87.31, 152.74 95.07, 144.45 101.52 C136.16 107.97, 123.8 114.48, 112.58 117.58 C101.36 120.68, 88.86 120.92, 77.12 120.13 C65.38 119.34, 52.81 117.16, 42.14 112.84 C31.46 108.52, 20.09 101.37, 13.06 94.22 C6.02 87.07, 1.36 78.61, -0.08 69.93 C-1.52 61.26, 0.4 50.78, 4.44 42.17 C8.47 33.55, 16.1 24.82, 24.13 18.24 C32.16 11.66, 47.52 4.92, 52.6 2.67 C57.67 0.42, 54.11 3.38, 54.58 4.73" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(221.85367584228516 291.66015625) rotate(0 74.51741790771484 34.25356684840506)"><text x="74.51741790771484" y="16.09460927650392" font-family="Virgil, Segoe UI Emoji" font-size="18.268568985816028px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">PR has not</text><text x="74.51741790771484" y="38.93032050877396" font-family="Virgil, Segoe UI Emoji" font-size="18.268568985816028px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">changed since</text><text x="74.51741790771484" y="61.76603174104399" font-family="Virgil, Segoe UI Emoji" font-size="18.268568985816028px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">'request-ci' label</text></g><g stroke-linecap="round" transform="translate(10 239.33984375) rotate(0 195.326171875 87.681640625)"><path d="M32 0 C151.96 1.93, 274.9 2.88, 358.65 0 M358.65 0 C378.42 0.74, 389.55 11.56, 390.65 32 M390.65 32 C391.99 73.43, 390.88 116.77, 390.65 143.36 M390.65 143.36 C390.24 164.93, 380.67 175.67, 358.65 175.36 M358.65 175.36 C289.29 174.44, 219.25 173.77, 32 175.36 M32 175.36 C10.8 174.93, 1.93 164.4, 0 143.36 M0 143.36 C1.4 116.73, 0.5 91.56, 0 32 M0 32 C0.5 8.86, 10.48 0.74, 32 0" stroke="#1e1e1e" stroke-width="2.5" fill="none" stroke-dasharray="8 10"></path></g><g stroke-linecap="round"><g transform="translate(571.5795189919318 154.87916425458434) rotate(0 -232.13427841922748 41.22004118870507)"><path d="M0.23 1.16 C-76.83 14.86, -385.87 68.07, -463.21 81.5 M-1.11 0.72 C-78.15 14.61, -386.4 68.88, -463.61 82.55" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(571.5795189919318 154.87916425458434) rotate(0 -232.13427841922748 41.22004118870507)"><path d="M-462.2 82.21 L-452.64 73.59 L-450.3 87.41 L-463.01 82.44" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M-463.61 82.55 C-459.33 81.9, -459.18 79.19, -451.32 73.94 M-463.61 82.55 C-460.83 80, -457.02 78.04, -451.32 73.94 M-451.32 73.94 C-450.4 78.45, -449.64 81, -449.12 86.43 M-451.32 73.94 C-451.12 76.96, -450.96 79.41, -449.12 86.43 M-449.12 86.43 C-454.29 84.36, -457.62 84.76, -463.61 82.55 M-449.12 86.43 C-452.22 84.76, -455.77 84.84, -463.61 82.55 M-463.61 82.55 C-463.61 82.55, -463.61 82.55, -463.61 82.55 M-463.61 82.55 C-463.61 82.55, -463.61 82.55, -463.61 82.55" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g transform="translate(35.68206787109375 425.1796875) rotate(0 33.14996337890625 12.5)"><text x="33.14996337890625" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">if true</text></g><g transform="translate(339.12511444091797 507.73828125) rotate(354.30815405668926 82.66394805908203 10)"><text x="82.66394805908203" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Fetch /PR_ID/HEAD</text></g><g stroke-linecap="round" transform="translate(514.1796875 442.15234375) rotate(0 84.8671875 95.875)"><path d="M32 0 C67.5 1.9, 104.36 0.8, 137.73 0 M137.73 0 C159.93 -0.41, 169.96 11.35, 169.73 32 M169.73 32 C168.33 73.26, 167.81 113.53, 169.73 159.75 M169.73 159.75 C167.92 181.22, 158.63 193.68, 137.73 191.75 M137.73 191.75 C107.07 191.76, 76.01 190.86, 32 191.75 M32 191.75 C9.23 192.25, -1.81 180.89, 0 159.75 M0 159.75 C0.16 114.8, 0.92 71.83, 0 32 M0 32 C-1.49 10.1, 10.65 -1.43, 32 0" stroke="#1e1e1e" stroke-width="2.5" fill="none" stroke-dasharray="1.5 8"></path></g><g stroke-linecap="round" transform="translate(523.3125 460.60546875) rotate(0 72.8984375 15)"><path d="M7.5 0 C42.82 -0.54, 80.04 -1.48, 138.3 0 M7.5 0 C47.38 -1.02, 88.82 0.3, 138.3 0 M138.3 0 C142.47 1, 143.98 2.63, 145.8 7.5 M138.3 0 C142.8 2.22, 145.45 0.8, 145.8 7.5 M145.8 7.5 C144.67 10.88, 144.68 14.95, 145.8 22.5 M145.8 7.5 C145.55 11.03, 145.69 13.08, 145.8 22.5 M145.8 22.5 C146.33 25.73, 141.81 29.44, 138.3 30 M145.8 22.5 C145.78 25.85, 141.96 29.98, 138.3 30 M138.3 30 C93.84 29.61, 49.72 29.74, 7.5 30 M138.3 30 C93.41 29.45, 46.05 29.07, 7.5 30 M7.5 30 C2.54 29.5, -1.97 28.99, 0 22.5 M7.5 30 C0.84 30.76, -0.38 29.69, 0 22.5 M0 22.5 C-0.39 15.85, 0.92 10.66, 0 7.5 M0 22.5 C0.73 18.11, 0.69 13.66, 0 7.5 M0 7.5 C1.93 4.2, 2.37 -1.72, 7.5 0 M0 7.5 C0.96 3.32, 2.26 0.86, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(552.610969543457 465.60546875) rotate(0 43.59996795654297 10)"><text x="43.59996795654297" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-1</text></g><g stroke-linecap="round" transform="translate(525.09765625 500.59375) rotate(0 72.8984375 15)"><path d="M7.5 0 C50.37 0.95, 93.09 -1.44, 138.3 0 M7.5 0 C35.55 -0.15, 63.53 -0.58, 138.3 0 M138.3 0 C142.86 1.93, 145.5 1.02, 145.8 7.5 M138.3 0 C141.82 -0.61, 146.59 0.83, 145.8 7.5 M145.8 7.5 C144.33 11.69, 146.25 15.72, 145.8 22.5 M145.8 7.5 C145.98 12.11, 145.22 17.83, 145.8 22.5 M145.8 22.5 C145.78 26.07, 142.13 29.98, 138.3 30 M145.8 22.5 C146.65 25.65, 144.91 29.61, 138.3 30 M138.3 30 C108.64 29.82, 76.91 30.79, 7.5 30 M138.3 30 C105.4 28.62, 71.47 29.61, 7.5 30 M7.5 30 C1.05 30.66, -0.33 29.41, 0 22.5 M7.5 30 C4.02 29.31, 1.73 26.83, 0 22.5 M0 22.5 C-0.42 19.15, -1.56 17.28, 0 7.5 M0 22.5 C0.59 19.08, -0.19 13.73, 0 7.5 M0 7.5 C0.84 3.22, 2.29 0.75, 7.5 0 M0 7.5 C1.85 2.89, 1.67 0.57, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(550.8681259155273 505.59375) rotate(0 47.127967834472656 10)"><text x="47.127967834472656" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-2</text></g><g stroke-linecap="round" transform="translate(526.1875 540.67578125) rotate(0 72.8984375 15)"><path d="M7.5 0 C49.55 0.81, 95.89 0.29, 138.3 0 M7.5 0 C53.08 0.88, 98.95 -0.83, 138.3 0 M138.3 0 C142.02 -0.53, 146.48 1.05, 145.8 7.5 M138.3 0 C143.05 -1.65, 146.37 0.42, 145.8 7.5 M145.8 7.5 C146.62 11.68, 144.45 16.61, 145.8 22.5 M145.8 7.5 C145.68 10.14, 145.25 13.84, 145.8 22.5 M145.8 22.5 C146.54 25.89, 144.7 29.66, 138.3 30 M145.8 22.5 C144.29 27.1, 141.94 31.13, 138.3 30 M138.3 30 C94.18 29.2, 50.27 31.06, 7.5 30 M138.3 30 C101.6 31.31, 66.18 31.93, 7.5 30 M7.5 30 C3.82 29.4, 1.5 26.92, 0 22.5 M7.5 30 C0.73 31.34, -1.32 26.99, 0 22.5 M0 22.5 C-0.29 19.39, -0.86 14.97, 0 7.5 M0 22.5 C0.32 16.99, -0.07 11.22, 0 7.5 M0 7.5 C1.61 2.84, 1.78 0.49, 7.5 0 M0 7.5 C-2.18 2.57, 4.66 0.63, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(551.0779876708984 545.67578125) rotate(0 48.00794982910156 10)"><text x="48.00794982910156" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-...</text></g><g stroke-linecap="round" transform="translate(527.5859375 585.40625) rotate(0 72.8984375 15)"><path d="M7.5 0 C45.73 -1.27, 82.08 0.11, 138.3 0 M7.5 0 C58.71 0.7, 111.54 0.24, 138.3 0 M138.3 0 C143.08 -1.43, 146.29 0.69, 145.8 7.5 M138.3 0 C143.08 0.86, 145.09 3.68, 145.8 7.5 M145.8 7.5 C144.33 10.71, 145.23 16.14, 145.8 22.5 M145.8 7.5 C145.99 10.32, 146.24 14.22, 145.8 22.5 M145.8 22.5 C144.48 27.15, 142.11 30.98, 138.3 30 M145.8 22.5 C146.48 27.38, 145.09 28.89, 138.3 30 M138.3 30 C110.46 28.06, 85.12 28.58, 7.5 30 M138.3 30 C95.37 30.95, 51.87 30.96, 7.5 30 M7.5 30 C0.96 31.17, -1.14 27.06, 0 22.5 M7.5 30 C2.49 27.74, 2.25 26.83, 0 22.5 M0 22.5 C1.38 16.52, -1.19 11.36, 0 7.5 M0 22.5 C0.62 17.59, -0.26 12.61, 0 7.5 M0 7.5 C-1.9 2.56, 4.37 0.55, 7.5 0 M0 7.5 C1.24 3.59, 1.4 -1.68, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(553.9004135131836 590.40625) rotate(0 46.583961486816406 10)"><text x="46.583961486816406" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-N</text></g><g transform="translate(536.1188812255859 400.6640625) rotate(0 64.09596252441406 20)"><text x="64.09596252441406" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Jenkins Test CI</text><text x="64.09596252441406" y="34.096000000000004" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Cluster</text></g><g stroke-linecap="round" transform="translate(17.54296875 504.697265625) rotate(0 156.90625 45.962890625)"><path d="M22.98 0 C109.96 0.15, 197.4 0.06, 290.83 0 M290.83 0 C306.11 -0.55, 312.22 9.17, 313.81 22.98 M313.81 22.98 C315.17 34.78, 313.19 45.57, 313.81 68.94 M313.81 68.94 C313.47 85.46, 304.65 92.13, 290.83 91.93 M290.83 91.93 C226.37 89.26, 160.92 91.32, 22.98 91.93 M22.98 91.93 C9.4 93.79, -1.46 86.11, 0 68.94 M0 68.94 C0.23 57.24, 0.29 49.28, 0 22.98 M0 22.98 C-1.79 7.47, 8.49 0.9, 22.98 0" stroke="#e03131" stroke-width="2.5" fill="none" stroke-dasharray="8 10"></path></g><g transform="translate(28.714691162109375 530.61328125) rotate(0 142.75991821289062 20)"><text x="142.75991821289062" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#e03131" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Attacker send a commit changing</text><text x="142.75991821289062" y="34.096000000000004" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#e03131" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">the HEAD of the PR just validated</text></g><g stroke-linecap="round"><g transform="translate(334.623046875 546.109375) rotate(0 90.22265625 -8.216796875)"><path d="M-0.76 0.55 C28.94 -2.47, 149.21 -14.69, 179.39 -17.5 M1.04 -0.2 C31 -3.17, 151.81 -14.06, 181.55 -16.52" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g><g transform="translate(334.623046875 546.109375) rotate(0 90.22265625 -8.216796875)"><path d="M181.34 -17.45 L169.23 -9.82 L165.61 -21.85 L180.52 -17.5" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M181.55 -16.52 C177.11 -14.94, 169.91 -10.83, 168.55 -9.03 M181.55 -16.52 C177.82 -13.42, 174.25 -11.94, 168.55 -9.03 M168.55 -9.03 C169.01 -13.1, 167.41 -15.84, 167.45 -21.66 M168.55 -9.03 C168.57 -13.75, 168.13 -18.99, 167.45 -21.66 M167.45 -21.66 C173.3 -19.23, 177.13 -18.74, 181.55 -16.52 M167.45 -21.66 C172.5 -20.33, 176.8 -18.67, 181.55 -16.52 M181.55 -16.52 C181.55 -16.52, 181.55 -16.52, 181.55 -16.52 M181.55 -16.52 C181.55 -16.52, 181.55 -16.52, 181.55 -16.52" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(178.978515625 422.36328125) rotate(0 -5.060546875 37.341796875)"><path d="M0.11 -0.5 C-1.58 11.79, -7.39 61.3, -9.07 73.97 M-1.29 -1.81 C-3.15 10.61, -7.9 62.57, -9.46 75.13" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g><g transform="translate(178.978515625 422.36328125) rotate(0 -5.060546875 37.341796875)"><path d="M-8.95 74.54 L-13.86 59.34 L-3.5 60.73 L-8.27 73.43" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M-9.46 75.13 C-12.03 70.88, -14.2 64.2, -14.33 60.94 M-9.46 75.13 C-10.62 70.56, -12.77 64.88, -14.33 60.94 M-14.33 60.94 C-10.38 61.06, -7.46 62.26, -1.72 62.28 M-14.33 60.94 C-10.81 61.93, -7.31 61.51, -1.72 62.28 M-1.72 62.28 C-4.79 65.01, -6.5 70.01, -9.46 75.13 M-1.72 62.28 C-4.44 65.78, -6.34 70.88, -9.46 75.13 M-9.46 75.13 C-9.46 75.13, -9.46 75.13, -9.46 75.13 M-9.46 75.13 C-9.46 75.13, -9.46 75.13, -9.46 75.13" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g></g><mask></mask><g transform="translate(179.65406036376953 445.1484375) rotate(0 35.34398651123047 10)"><text x="35.34398651123047" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">TOCTOU</text></g></svg>
\ No newline at end of file
diff --git a/apps/site/public/static/images/blog/vulnerability/example_test_infra.svg b/apps/site/public/static/images/blog/vulnerability/example_test_infra.svg
new file mode 100644
index 0000000000000..3d2135477ef60
--- /dev/null
+++ b/apps/site/public/static/images/blog/vulnerability/example_test_infra.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 758.03515625 439.6640625" width="1516.0703125" height="879.328125"><!-- svg-source:excalidraw --><metadata></metadata><defs><style class="style-fonts">
+      @font-face { font-family: Virgil; src: url(data:font/woff2;base64,d09GMgABAAAAAB3IAAsAAAAAL3AAAB17AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmAAgTwRCArUML44C2QAATYCJAOBRAQgBYMcByAbVSMjAzVy0dKR/eUBN2SKH1CaQdmRiEwtIPHq6nS6uuzU08/XcDb3n7NP4ViUdTc8GSHJ7PD83Hrv//2/THrFiBzRwqKpESMqBQQLUbQ5wqggLS4w8krM4iow+oIn8J69u+1/CDzhAppGqcQaBBx43P7Kab107b6+7pYlTzIg4wB6gTCJa8u7n5aO/3CNr8m1W5bMGYtsBwacOOHhZIFb6g8F8I+oXDYQnAgc7On/6bSk205qZS1yecyvT7I+6JqZdn5LAscOjCTTsu3wYuAIpJH9/+W7/J/+1tvxmbkYAAuGaJvG/1pTC8w+xlcawFdg/lfau7K8iTMVhnGvuFVAm7hE+gqnWKnaJiOm44RFpf0/8VSAyLVF3cDfMHFPOwcuBAg1pRcGIK9mACBWCSgAKwX4mHTATkRYFgUABPtmPtaiItY+Wv/LYcMkrQBgPlcE/PSfFiCGKUABXiuE70CC/fUKYgMuLyPjxk+AGGoGFgmsUmXJV6leq/YNP8E+lIlaJvGByTKSClVr/CjZX088dMdtV11x2SUXnHfOhM/v3b1zCoJBuOvVWelY5BDpwbj5su6lJJ+tCPhxRvTQbB7q9YidDnkv8fXu0N1ckQvHzT2POYOZwU/QOvfE5xUXlBaES2qSEnM15cpInpcwIF0pzMrQiRwTZFaDg9ib6WMotkbEOWpd3qLs0XXdl/0iBr2BrikjK1Ew/jM9FlYqJy3U52pAOLTkspAC0kDxRSEEFlYdF3LVUzN6jEPwNJQyBQkhITwt2UfG0XVLd8tEAmGYzv0xCKJcQH+C0OccmukdDM1M6bzk+z6HyFOkQ1rdTWwOm9TnQdVTApMqiNLr5UxTfQ1rMuj1mL6LQxKuVnvYdl2OzKiWvy8Y3gzFlNBmQEZG8gyGWzTAyYTO8uPqgE2eP8mRJ0j6zBDZfGk8VK8/VdWn7HzOJoWti6m0eVUWax8Yx4CAjuM4lKv6/7Oa4gSZEWsvzzEQ0t5QsIyamkuLFhlqHD3TdfXh3tOgCOgTVc27u2He+BM/NhJAzvkSd7gDdtd88PLzvfdPHJR+7f2LNTlHQSCGYkgoEIEQwoO0iPnxcw7oxoDbeYvMc6VDH8zf3LKkIYh/m5E5MX4ePHxe2GEqf7G8vEBBPYOdpu5zvd6OLG4dzB9cUbE/HkR1UXkaxWDzMYdhcz4M1ozkXt6MHNPPNr7WJqPYSrscjxzg/j7gz2D0/uXu62giauPuXUv36KQgGIaGkgb2XVjvS40wZJcQ4oDPfJhEo47nAg4V5UsxDxawLJtGsX/ETl/374VLmMpaa3uVGeA5hoXSYlWG5C+CvPSUqyVoQWOmcf9sRnkUgpn4MV+Fmg2JgCpUGB4TWoQh1E+TvrSbzriHRFN8uyC3b1c4NpTXm6nu99UMj1kcu/DXzDGQTkGafzajpopu7MZ8m2/Doe8vv/km8C9lX0fvtyZHTPRz/fTwJadAkDQxGjap1FDX9UA/39WNhu7rnp7rPnf1/qxEEZszmEY/MTmeYqm82yEhiIc+5UNwQLkNkZKah55W4bBSqgPTaJPsGKmNW+jYB064D1EU4RZC7gJqIbCuYGCVwi3JA4SZtPHRoyRO6DclRbBlNpdOXeq/v6We/t0ommIgcGCQC0hjpg44QQiRp04B+ZYwwbYOckUHUMpnT9pmG4JbUV3y1m20x5R1/tohQu7B+gs2P7Y2Zv0HjFuNMTstA6YHuq+7ut4oVKV0EVC2M0pgOM6drComrJWubxTmF5WBMqu4lvTbEmjFawNyDsErZen1bsVyZbV1RmaCEBlazvBRocqFFZMxq0goUaMhSFisGej7nC8tIWMbuIHIcK0ns9h3M0qQdgWBCAQhF+ycgXcQzYrBLfsIZpe6usF82cuRECIgnSLJQdBosFw/3U+tDYsRO8hIZOnu5AamcnFYzN8ssOSa1gqsGRj7tksjRGtJ4qVJJolP4FC7C+w7dPzvLDU5NTVlwNVbMLyRzV2/Q+NEQo0BvTGU1zJr8rqoDWXlhzQMpBhmSJDOiiKi2NMqt8YMAtKhIaGEpIuZhnSfUKxhSMv1m1WpM+npb8tkMGyKDp4WMcQkPLKanKIVQp4Qgpzu5ndVTzE9sDYL1X1DSVAc0HW1utiT8Kho8zxqrtMsNXHV7UPidoy6wvvMfnWg+HELJR1b2bSlyBEucDOcNveEC9NntqU9e+qwGdOAZ6xdpJ44Zj+/q7fWHeYbChJ19Aqpj0Ya0kWaNyEn3gaUNe5a8vzpJ1b+U25EjlpA3iXckJI1jdwhpgQ7keCNGgUdt3XQ7o4yquMCLtHd18Zp+S9lVtZiUjmowPF0Wpjcyf+mBTJzao3UpISsZpP9/Mx0ai0bs60SlXbehER1nptZSp0Wo3J2Ln8epljG0d44zP9pt+PvPyTP1aZ5EyL2fbAS6qaX7iSk4eNsT974RbVKuvu9HtRNpm65jLB947cCW+2nNZlGDIKgAKpK6nGPPE6QQ7lkmwkK+mVFQqY4kpzysIh+C2ovsaI6rTDlptNs6A9fbg9CeTRSj8PDdBy0wQRDaXRwnxSsGo/v2qPGXsROUh52oQt6yiOj5CIdDAkBxjCjHI4cGaDjBTtXx1tcsFWtzEF3JqZE+4VO0+lSV9Yp1WO89fK420kmLRVRQRRrTdhAsVx2+Y/jqsyiNBJk6HhBCvJb9NNeobW9z+MSlelbQZln84LsYDjezDUfiJYFoWXW0yqUR583dXkM27JYIyE3kYRUSrXmr+ZaDpaaMEQGnQbqp9l6kqv9R5Rvzmn2eXgaciEEeE5ztQZTFhL5lIiXXJgic4iCSiyz0g9dGh+Z0ddo/OO/bVrmmkuos4E60rLnGOYpEIDZqhsdEBoKEsY5B7xheOiENB6n/xhhKPx+eV3RPbK1xc+rF4a1TZarc6N8IwynetKoeRrwtm/r4N15kk1vxcVah3KaQOKesFZA5m+3jfxBvkTmA+S8Onj48nNVqXaGpdHpBIzv0CeUt8Dux0XV9sj9ys78CnmtZBPvubW7P6j6KuL8j6ziIfy2rNk7wMBa01Y319uC9AYsL9AOIc8luKKpuUQaHmmdzpvpWkJSQllQHrYNzS7tCxXfQ73laZbWWjtxR0FtXb5hkflojBhe5JrA6Dg6Zltvhw1BvP038JE/yddy2lBVIBQEy8v4ZCDN+nkUcxIXFa8xdZVsnJNNplM9UyzrbbAJhtw8SXr3sySkocupNTOdU8ppvtzP1uzMk8qvPYon4qNTukDG9s54vSSjuA/cTh3UcTKVaO4Pc8Cquwrny4LDzvvWbjozUM/vYXhVeZwDv3UM5AJ2IgUG9Vth8HRIILa4CKk0atTDqY32byrDkdn/2v4cS5g+g1yG2KGxbtYbbKBupmaeWj5HVJavKapE80JRz1cYSgfJmaYYYUVul39wzaXdj4xzkuCjdOhF8iCwWz/SsvsFp2k6s/IKZVTHWyGq7WrIOWF98HG1TzUKlDSm9sx8cL1qWTJzKuv2TMlVV1WnQ1LNI7b3UxQVZK8RdQ9aswLnPsyAuO+fPOM1pEJFRnPDp5xtqtmN/5/NMZQUWSGtjkErXqdDaGkkNL7TrNfO4pnnsxNzL1dc9DoTxR4W5qXH80kyRxno09LkZte5qWcIZ3D4RNs0jPniEHbofsAUqBzNCKr7OYbh9/c+aST5z3q/YpqeqxV6TCCTLqsY+YvJeMzEOZaxBGsi03grqqOlgD5aMvFTV+cuHVNT9Z06k709tochebWZzlO28J+g47/d9SqttZ8RVZF60wmpSxgbYQjoc9Kh+DrgP2/bvZcs0hln7SqzWDPS4gvWJMEJ8iU0KztpeokX0p3CSfQwDmJ0iO3a4OHLexiebU7K42Cf4t2wHbvl+xDtG2l7JUOey40FBI+uSosdnWhzMzjG8LS0aEkJxvGoSfvPI2AnBMsC7IOsFs0jPvF9QJfsJM/u/JFsh3Jy4zDcL6pdfTaj9dZMKDtNyj328Ymd7k4qowwlBASujqPKu/PskISlf9kbkep3MuriaK1lcgebEcpzIjJn12Aa//wOTtCizHe6VpZS/r4zQKHNsYiApFl1oZeU7hdALAzp7tl9+cbsx9Fz2Xq3OdBF9/mcjJls4jFR5mrGFU215HZpjqEg4/FGa4PpVm3z1YBlOH/gWPOGpGDtIlfnpUJDTV1Ys4BHEWw0DqPGoePD9RlXzxb6X/jLsL5KzGBx3/JvyuoDZQ0wkJGBxbX59JecROPGmE3u9mbXeAUVwRp4ZTqHLo36H8CevJK0+0Zi4xJ90FG/Uh4o+kZr8sOpVHuvjqB3/XcH0N/u0MkDLChuFTp4P3MjXevP7C1gFDW1pri5MsylDrh7ADFNbQ8cbIQ2dgZKx921O0nPGgOTjEp+2jGyBWAWQjh+jyRyns1JIUlzSTvZFxe3cpx8Hcl/0dEQRE/YtoNjm7+WTWnFm7af8MYmUsBWZ9LtKwt7fEFXRM/z2Ke+5FZeACfQlv4mOQlHYAREHGsMZzrPMkelHPu9dWNU4mHytQRJRL8wR6yFnzI9kBEUgqLNFMhqrRGUkgO0Xghql+PrUx24+A6FVg94uND0Ssh7h/X+fL1g+86ic5nPyjr7BQVuvZd1T9kbDwKdSBAL24t/UgwkUvPzz/E7t9aC4wvX/353bPV/zupZW+Jt7IwuJGUVJ5l0e8zHasrav/ZVaeeyRMJYYKN/Y5t2M6CAsngFledmJ0r7m8Z7JUhpD4b2lOFCCkJjEmoY9Dy03NxOoHF/hzo44YyA7L5bj9qIlfioM9oRNZuicR0ibp4lakyr3dBVw4UC6AoDxclqVdC4q1+h9PfkNHH4UzJopVfNlaV4aK6XddzqXHNBw4pJda44GiUmFq+eZM+pt0al4PnXr248Ogqv8912Rf39SbeC8Cz9OFfCgijtosBOdg002lGuHJN2X+mWtrDTzW2H+ck6Gt17x9gAC4E4SWhaPCalzaS7zzMY3ldjYd+cPn06XzeOl2BS58B72uZmqstoXiP35/G5EakVzNb69TTeI/BrBmWtDa7WLRVs4FFpU3jA6ZKSfaz9Mq71Rl7625Ydr7f66LUfeDmwC9Y3dKK8cYBjFhFT5oxDiBTZb2AgnL5zS1whFR74yT8wnm3GSKncjVf2MOhjv8800yYvdgAtgjeINc13Rkv8fUG67weJ9qF/ZgPIm9JkqR3Lm/EGDEdaWQRkSqJ/Xzffbe7lRAIN+cq+QstmAXhjVF+RuiJ3kk3J+ePvt/qs9QnWIHWd4wBAk/HVKJdhsLXbzUrqjBWhUd3ukyc1tq38SmAruTmMDFobk0dGcIzd8jGrnGJAKELSWSP5PASyOKHVbTj8kQN113uteKmCsTTJZkg2yFSn8u8Zn16/V3DhudqlhL2SKW8z0F+QTjkZPrduo5RFB3AMNiKWpLSkFy/OrnMk6kI+h+pomEXQcM11FgUZVOBZGJekJZAwyMXzkRIsP/A5ptIpyMdZxkn+r/tHB84eXWy/PVixdt3677CY0Es7la5D9QSDcLdWMPpvKRGLxYlIMVLm4Y3mOeqYg5TBCe25b8tD7ifPI9xpESY67KK8ad+r3K9cYCKo4zkIOYTKHoxHB9kcUNKCYwloKvPmL9Ed+3p7mJMFVzJ3ddYm/cH73+Z24ysDgPbMJwv+1R6JpTWZKL4+wrRbI5ydHnn7/PDJfanWxfTvDMU9SNeGb2LiS8gF3AIyUusk0xGpdiF2yj9+LmA03l8scUUL2MQfbXje10SHI/sX7ozj4bmg5AsN1iH/xkDhkfInmmMqZPwurMJLZJ3FkuZEZ/hRM2EyMoFyd7Pe2tU0kRhko8QZ6iD9JIek4YMPY8e5qEnol11plYeW2AkOXYIokl7vABMZZL2DRyJ35rAY7yJbXdEC8Ee5XarPfvYpPbPR9CODpKOUMNmj8UGkIK/C+XF8wEprGNrqvSNVea33qcj8OPlWuevwNM5F7QNQlpaFQh3sEv/eQFLhBOSytYbOhv1ngw8S3ZcX3m/iYf6oP8YvclkLPLeHzgF2ywgMDPfVsRrO/lISHVAsSvHMRPsG74lcpZgIecRPZeuhuBDKDiAE5c6tDkRPk2xTEJvNgSxxKn9aZd/Z24MMNaKCH4J8CsukLaypBdJSL6AhLLSXUVaYJDah8kKy7EESQ6V+aSsFScqD3MINPsS0mYClBJtMlTl1zRlSdYhfBFzX6ZzH954VWQ9OS66gtwMK+AvWtu9IiJWlkPi6HC134MspKvGWcelFZI7cNfoS2rTPRZWxDs8QNAgAoalvB2u3/gRZBcFQF7E6dJuAgBkj4eTU1xbrO2A2x4iykFkIyW9gidd5F62l2mx9txAaLUH8mbTPCvnP4/itirnrZxYoNJezuOavOBnR/B7Sit+fzehB+EYUiycRw2VQNnflqRmb8vufK/STp3/ukX8nbU5ajCy/IRjPIiswi2wEc5j3J3C/aXHoifsJSXE/1R4WFmxPH7NttuGb8VpukfwzL0MefyQWpBveT10RldRr5KsCRXGRQiCm4zGxfQhoy/WBms6PFAcjkdPMnlK9Odcq7AZUYEiKOsaW9/vtIqifBcueApp9EVB8fSyKd7TVpv6b4FEYOFYWi1llVmyBLMvHZgy+58g8PPLht6UB1PsabAGesTjaapyhWwo4EIrLOjGWh76FdSv44U8VNmtznOEjV3Lhv3WS62F88bX/6DtcD/rN9XzoHajh0G/SKI2EQS6WECyR8ty4nHFKKjGbdB5QZrJ8nynWKeHB1woVtJB/612Xolfaat1mRzHvbBlstPrD2ejJpys6jaCp/6PmzJqixSoq1rsYyYFWboX/0TlBY/GOFPzMpliX5t7gmITuvDfqqNrSWtiMJEj3HcwGsXGMHH9rKkiE8xqd/++S8ZlRTh+LPNalCHOIKqy0G93ewMIaKCb4zELwwg0SFxLcwGrY0UDbQ+NiqikV9hsxHVwjUcgbd6Ki+dJx1gWNNrAUJmBcwhWwmi1hP5PtCKbQWrTJdCcHd3KcXNoGU+d55IW8WsQQJfnXbfxeetnuIzqaFlj9P33jnOS7sG1mnyMqeXETF/krSFC/ZCxQ7p7r4iLjqOG+bmfpeEbFKg6hfdM7pQ2Ouvk+3QpWO3D52QJQfo3NlmnBXucDFy3XQvmxrgK2nklFKYXr7Ohka6rHl40XGN26qACN2i3h/35lb/ChjiuXDhws4/miLeP53IrjN2jU2kpAjGN/k/y8h26h58xoyBj/wtYCzwyQbVulc+2LO1Yrce7EYPEAQ0xpoDxv6ozpTdr7LRvD6QWlVdPrGlKiussGtjTPS12gWNzdXif7qElla4nnCvUIRq0tHHqPvXxBd7n5a59H9xahGG13bOz/sJSlOyIFQo3dNzbojxmoeAP2cohpHWdu4+PZZeJdiE0cQS81sr1pZVgMiiE1nYdIVqyT9QkLIdGWg3Wftew0l+i2T6lFilVVdxNtfE/oqT/lXSLtMzETiezKjWHfPJytLM0N2hnUUvKhl3UQcY+EW0W0LkVRpEa5KK3Mk28vZ9+Bc0pN6CxikIUQOJAx0kAAwpBTFAf+X3R+1UP2OorjNMZc4shaTtKIUfSNipCEs00bXXyt0rCGZeviggpgidHD4kvOgaYaFTlsWDGtZ4CPz2T2SPvofh5XO7KuNB4wz9Z91iXId/tFdUlSVhdzaQId/jE8aM+vjS9abtbEoYVeu99Gba/lzLIrvYxF/fq6+FoN11Lo8u9HgB0kkhMXdiTQ1LsQymiyv2S0NBBYG8YkwndVofqtAoi2QwGpYAt9Xhcx6uR0skOsj5CJ1+GutGq5S7xcBZBYxC/d0UFlcf49mIgNbvAcw63/8C5FxAUazecu0ZVX7h/9gCeBMkdjts2hDJ3MNngT0tK1IcKgH6W4UgLJFFVLlhodEKC+/T4DxMJTZNcwzc7PLv4kTket/mZXt9zf3Oo7+PzniwhdJBmMoXmqHN7sTxLZ3yuDISCB3LEvkz9f5sLqjRjBYb4Qp2ZTucP/c7M8uO/q41QZecWjCqOEjMkOfrO79O9UkS5CZStJj5f/ctHK6GZUXryylpt+Y120F3iVcqjmb1cI7VpJGCnMcT6V+DBe0vd+SZdHB5+jBXEPC4WccV3/OykKzGw8Njqc0WKmRgb4xy6JMFEiU9LOJYQaAU6ijU8c10/NMOsiI80Hy06zH8jFGl6+y4rNKGvKf0S9SG4gUghOYRV6r1Wspbit7aH3LxyuITSrdpPKDkT8Oe5RHWSuoNNuUwX9nE1BcpRA9wv0R2I5aDZiR24UhVMXNoH/v8PsO8kUbBeZi7e2zCoTCCQmnkvGNscMT1ceO41KUtw0CQ0UphbQvfOeQ2vfnpQjARnp4exKSpsA8VjFIu82/epAtBIziPZOvyoufM+vrb/hQ5L6QcTPo0qzG9DB1p7BYoiQEHLRrsS5+ksHA31OUynlThpPLtbjf1yOqKuJ2bJ2U9P295XrMbX/T3tpbLwcxQ3vz8605hYCLeUrLxbu1ax36suYnKdnaO4jVb4gdpBKvUoEZKpPu8DRhU5BjRQ6zOVVQgs93LNiYhu94xJPeAnyZySBBnG+94v2FxkeJ9/wQvNLZVHx7XePrbZMkDJh+ldOmxS0trOp/9dNl/vMQYrJyhTdLPaWRI5eBgPj/hxAHsakU6sQJdAVuGpWEHYXyLciryIEtD7AZapDg5O5vgmNO3Sfu5ipa5wwNBzFCCzttPhclReZAltAekVCyH3D7QkWaVdVb/Wws9HGSULPQPvfxBU4xY5TVs5R5yiOmoyFJOC4qKbKs/K3tk9718dYlsZcCjQciamd6/imtMGf5Fn5pTnBq3Z6uNrLPU1gDjNQGWc3uASl+noLwro2XF0oZZ4+imU5KECRnvDTgnepY4h7k4tUT2TGVXgmhXU4L6SGdaVEdbTAelJaea7ez5nILaQiL76IC2d0E7FgbDosZGBmQH6cHHYjbylTbb6DQEatfrJGGW64lBoUiAr9rK8ZM4Ps7l0j+atuHbfFLHOK9kqrFnxh2bGCzvh93t2tQK3n3nINC/jdafeQiirwHghs9dkaryl1jg03FF13wGvVWu6HHHkKhkjQF8oRXauJn9yNJU2Ptny6c7P73ZORJIRAoZlzmuK4N6bZjZJ588C+cZjkFJumVRPEZKehogdPteHcDJp/Gaccbq4Q7PZ1hell8A2ivD+kntxzCCwofGdgDbF6qQaaQqA9Zq+cJl/3f2UdUS/St1XOMRJaeEcnJh8lqQpmh8ZbG8XzqJPZrtePu0KilgTAup0q7NsjRJRQsIsh+SBHvEvIcXVer8KpOJbpH7q2w6R4hP58J+Y6LOcIKDY67vuWK1UuuIM0LvOloQRE7hrh5/G26COVb3lzXrqwd0swhgLhEel08U+Um/+p0Vj7Kr7L1SMvZf/m1N0Zdi/Al0rPeDJxL3OXyqrP22z6U7OXfRKuYZ9VskdOaZxYL0SmrwvlKmfQVkRrslz4wk5tuHZNfJzlvKtUkl2jLqSYhJ3u7HedRtxrGi2gmX4aNFpPHw7ifTe8l6CLWpUyR+Qoje9w9YoN+guJcG0QDUYfCVhQlhNsT/lRvMYVQJH/1X/jR80Dy/KZUW9Ih1LRX3ji/eraty2f77yBr//j/G3O/YZegoTI/pug7JAXHuYBLgWqjB6APwbXU/YFFGcTbjg0ef3PMP/fE9pcR20vShdBBw3Qu5Ow0Vh141wJfjvw+h9e9QjKruHYvUQtQB7y3zQNXgJgDafTI+IvjbvvH4K8bRIaDqkMJz/t53mDkb/YeQCw/LxfhQji2s4rNwjrSVDpf3P0MuKC0eCTDeNWKmDlFk6JkpUeAxyIFUJzjQqoibKg4CRfoV0mUiGa0VQEw95UVBprKoFARCrGmSNwADD9lZqU/2gNH8lK1bEFhUl67ljq2Ezr1RHzjyYlX3FpqJUJlCmRgcF/aaQfc5Fhs+0QoAgwRD4a44S+luZpaSiqVa9B+xOVtnWFmcTcFfMgvkEZ6VJfpB3I5NCCdGlM1JazQkMOi2fKaDGUVOkcfK1erSbSZVGshc06lJ6OpWgFSqgaFKSFAQ==); }</style></defs><rect x="0" y="0" width="758.03515625" height="439.6640625" fill="#ffffff"></rect><g stroke-linecap="round" transform="translate(21.440201913150304 52.10168989925296) rotate(0 79.91932012384586 35.46484375)"><path d="M17.73 0 C58.9 -0.76, 102.58 2.11, 142.11 0 M17.73 0 C60.08 -0.19, 104.75 -0.91, 142.11 0 M142.11 0 C153.87 -0.14, 160.6 4.79, 159.84 17.73 M142.11 0 C153.27 1.96, 161.76 5.25, 159.84 17.73 M159.84 17.73 C161.45 31.08, 160.85 43.4, 159.84 53.2 M159.84 17.73 C159.1 29.57, 160.08 40.05, 159.84 53.2 M159.84 53.2 C160.36 66.94, 153.22 72.92, 142.11 70.93 M159.84 53.2 C160.57 63.81, 153.85 73.21, 142.11 70.93 M142.11 70.93 C99.97 72.6, 60.3 69.86, 17.73 70.93 M142.11 70.93 C100.19 72.48, 57.41 71.96, 17.73 70.93 M17.73 70.93 C5.65 69.03, 0.2 66.06, 0 53.2 M17.73 70.93 C5.07 69.29, 0.73 63.04, 0 53.2 M0 53.2 C0.21 45.81, 1.19 37.41, 0 17.73 M0 53.2 C1.09 39.86, -0.57 25.42, 0 17.73 M0 17.73 C-0.76 7.74, 5.06 -0.57, 17.73 0 M0 17.73 C0.63 5.17, 6.06 2.22, 17.73 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(53.52511041590333 74.41603417947044) rotate(0 47.83441162109375 13.150499469782744)"><text x="47.83441162109375" y="18.53694405260566" font-family="Virgil, Segoe UI Emoji" font-size="21.04079915165228px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">PR #XYZ</text></g><g stroke-linecap="round" transform="translate(273.30859375 11.94140625) rotate(0 82.9765625 82.9765625)"><path d="M84.5 0.17 C95.07 -0.57, 107.69 4.15, 117.84 8.89 C127.98 13.63, 137.83 20.13, 145.35 28.63 C152.87 37.14, 159.75 48.9, 162.96 59.92 C166.16 70.93, 166.23 83.8, 164.57 94.73 C162.91 105.66, 158.85 116.08, 152.99 125.48 C147.13 134.89, 138.66 144.68, 129.41 151.17 C120.16 157.66, 108.39 162.4, 97.48 164.43 C86.58 166.45, 74.85 166.08, 63.98 163.34 C53.12 160.6, 41.16 154.64, 32.29 148 C23.42 141.35, 16.12 133.22, 10.77 123.49 C5.42 113.76, 1.24 101.01, 0.22 89.62 C-0.81 78.23, 0.78 65.93, 4.62 55.17 C8.46 44.4, 15.65 33.17, 23.26 25.02 C30.87 16.86, 39.1 10.49, 50.26 6.23 C61.41 1.98, 82.82 0.08, 90.19 -0.49 C97.56 -1.07, 94.7 1.16, 94.5 2.8 M54.09 6.43 C63.6 1.29, 75.39 -1.76, 86.26 -1.21 C97.13 -0.66, 109.28 4.21, 119.31 9.72 C129.35 15.22, 139.38 23.12, 146.47 31.8 C153.55 40.48, 158.6 51.12, 161.82 61.79 C165.04 72.47, 167.13 85.05, 165.78 95.83 C164.43 106.61, 159.74 116.89, 153.71 126.48 C147.68 136.07, 139.07 146.91, 129.59 153.37 C120.11 159.84, 108.06 163.76, 96.82 165.27 C85.57 166.78, 72.97 165.46, 62.12 162.43 C51.27 159.39, 40.57 153.97, 31.7 147.05 C22.84 140.12, 14.29 130.91, 8.91 120.86 C3.52 110.81, -0.14 97.8, -0.6 86.76 C-1.07 75.72, 2.16 65.01, 6.14 54.61 C10.13 44.21, 15.5 32.36, 23.33 24.37 C31.16 16.38, 47.85 9.54, 53.11 6.66 C58.37 3.78, 54.29 5.96, 54.88 7.09" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(303.4619257359773 44.744678726700386) rotate(0 52.649940490722656 50)"><text x="52.649940490722656" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Maintainer</text><text x="52.649940490722656" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">add</text><text x="52.649940490722656" y="67.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">'request'ci'</text><text x="52.649940490722656" y="92.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">label</text></g><g stroke-linecap="round"><g transform="translate(185.65234375 91.484375) rotate(0 39.58984375 3.224609375)"><path d="M-1.18 0.42 C12.14 1.47, 65.74 6.01, 79.28 6.89 M0.39 -0.41 C13.62 0.22, 65.16 3.82, 78.38 5" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(185.65234375 91.484375) rotate(0 39.58984375 3.224609375)"><path d="M78.55 4.7 L65.4 10.42 L63.38 -3.7 L79.32 6.63" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M78.38 5 C75.47 6.28, 72.04 8.52, 64.33 10.26 M78.38 5 C75.02 5.57, 71.1 7.36, 64.33 10.26 M64.33 10.26 C65.83 5.85, 64.61 2.57, 65.32 -2.38 M64.33 10.26 C64.85 4.91, 65.22 0.03, 65.32 -2.38 M65.32 -2.38 C69.51 -0.87, 76.73 2.3, 78.38 5 M65.32 -2.38 C67.59 -0.17, 70.65 0.89, 78.38 5 M78.38 5 C78.38 5, 78.38 5, 78.38 5 M78.38 5 C78.38 5, 78.38 5, 78.38 5" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g stroke-linecap="round" transform="translate(524.11328125 10) rotate(0 88.525390625 88.525390625)"><path d="M111.25 22.25 C119.26 31.56, 131.38 40.7, 154.8 66.75 M111.25 22.25 C125.26 35.73, 137.49 49.38, 154.8 66.75 M154.8 66.75 C176.77 90.37, 175.55 88.77, 154.8 111.25 M154.8 66.75 C179.31 90.15, 177.2 86.81, 154.8 111.25 M154.8 111.25 C147.51 118.22, 136.97 129.16, 111.25 154.8 M154.8 111.25 C144.34 121.85, 134.24 132.95, 111.25 154.8 M111.25 154.8 C88.08 175.3, 88.8 178.35, 66.75 154.8 M111.25 154.8 C88.36 174.93, 90.56 176.2, 66.75 154.8 M66.75 154.8 C56.1 145.67, 50.55 136.77, 22.25 111.25 M66.75 154.8 C51.63 139.53, 36.15 125.66, 22.25 111.25 M22.25 111.25 C0.43 88.64, 0.24 87.21, 22.25 66.75 M22.25 111.25 C-1.05 89.71, -1.94 90.17, 22.25 66.75 M22.25 66.75 C38.66 50.51, 51.12 36.98, 66.75 22.25 M22.25 66.75 C32.4 56.2, 42.74 46.46, 66.75 22.25 M66.75 22.25 C88.94 -1.42, 89.22 -1.69, 111.25 22.25 M66.75 22.25 C87.91 -1.86, 87.23 1.16, 111.25 22.25" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(566.5859375 57.83984375) rotate(0 47.12995910644531 37.5)"><text x="47.12995910644531" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Certify</text><text x="47.12995910644531" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Safer</text><text x="47.12995910644531" y="67.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">validation</text></g><g stroke-linecap="round"><g transform="translate(444.03205710169095 102.24994218182792) rotate(0 42.13419270342183 -0.8515859533799812)"><path d="M-1 -0.83 C13.12 -1.22, 70.77 -2.02, 85.05 -2.34 M0.68 1.34 C14.67 1.1, 70.6 -0.58, 84.51 -1.14" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(444.03205710169095 102.24994218182792) rotate(0 42.13419270342183 -0.8515859533799812)"><path d="M85.5 -2.94 L69.8 4.56 L71.64 -8.8 L86.23 -0.14" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M84.51 -1.14 C79.07 1.95, 74.91 3.7, 71.14 5.66 M84.51 -1.14 C81.57 0.64, 78.24 1.66, 71.14 5.66 M71.14 5.66 C70.51 0.01, 70.41 -3.13, 70.7 -7.01 M71.14 5.66 C70.5 0.94, 71.09 -2.56, 70.7 -7.01 M70.7 -7.01 C76.81 -4.4, 81.45 -3.67, 84.51 -1.14 M70.7 -7.01 C75.99 -4.39, 79.68 -2.69, 84.51 -1.14 M84.51 -1.14 C84.51 -1.14, 84.51 -1.14, 84.51 -1.14 M84.51 -1.14 C84.51 -1.14, 84.51 -1.14, 84.51 -1.14" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g transform="translate(446.1400451660156 69.37109375) rotate(0 37.359954833984375 12.5)"><text x="37.359954833984375" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">triggers</text></g><g transform="translate(34.00848388671875 302.05078125) rotate(0 65.13995361328125 25)"><text x="65.13995361328125" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">requested by</text><text x="65.13995361328125" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">a maintainer?</text></g><g stroke-linecap="round" transform="translate(16.6796875 265.640625) rotate(0 83.70703125 60.78125)"><path d="M108.59 3 C119.96 4.56, 131.47 9.62, 140.39 15.58 C149.3 21.54, 157.55 30.39, 162.08 38.78 C166.61 47.17, 168.56 57.08, 167.57 65.92 C166.59 74.76, 162.4 84.32, 156.16 91.79 C149.92 99.27, 140.03 106.09, 130.14 110.79 C120.25 115.5, 108.69 118.63, 96.81 120.03 C84.93 121.42, 70.43 121.68, 58.87 119.18 C47.32 116.68, 36.26 111.15, 27.48 105.02 C18.71 98.9, 10.76 90.61, 6.21 82.41 C1.65 74.22, -0.57 64.64, 0.15 55.86 C0.87 47.09, 4.41 37.17, 10.54 29.76 C16.67 22.35, 26.85 16.18, 36.92 11.41 C46.98 6.63, 56.97 1.81, 70.94 1.12 C84.91 0.43, 110.46 5.31, 120.72 7.24 C130.99 9.17, 132.97 12, 132.54 12.71 M45.63 7.68 C55.57 3.01, 70.51 1.98, 82.24 1.37 C93.97 0.76, 105.14 0.85, 116.03 4.01 C126.92 7.18, 139.37 13.68, 147.6 20.35 C155.82 27.02, 162.23 35.12, 165.39 44.03 C168.55 52.94, 168.83 65.2, 166.55 73.81 C164.26 82.41, 158.85 88.89, 151.7 95.65 C144.55 102.41, 134.45 110.19, 123.67 114.37 C112.9 118.55, 99.54 120.33, 87.03 120.72 C74.52 121.1, 59.9 120.15, 48.59 116.67 C37.29 113.2, 26.98 106.65, 19.19 99.84 C11.4 93.04, 4.59 84.52, 1.85 75.84 C-0.89 67.17, 0.19 56.27, 2.76 47.79 C5.33 39.31, 10.24 31.95, 17.26 24.97 C24.28 17.98, 40.36 8.9, 44.88 5.88 C49.41 2.86, 43.79 5.7, 44.41 6.84" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g stroke-linecap="round" transform="translate(215.8828125 267.1796875) rotate(0 83.70703125 60.78125)"><path d="M119.09 5.02 C130.27 7.49, 140.93 14.32, 148.53 21.18 C156.12 28.03, 161.74 37.52, 164.68 46.15 C167.63 54.77, 168.59 64.43, 166.21 72.93 C163.83 81.43, 158 90.1, 150.4 97.15 C142.8 104.21, 131.34 111.2, 120.63 115.26 C109.91 119.32, 98.18 121.42, 86.13 121.52 C74.07 121.61, 59.38 119.41, 48.31 115.84 C37.25 112.27, 27.44 106.9, 19.73 100.1 C12.02 93.3, 5.12 83.78, 2.06 75.04 C-1.01 66.31, -1.11 56.28, 1.33 47.69 C3.78 39.11, 9.13 30.23, 16.72 23.54 C24.3 16.85, 35.99 11.42, 46.85 7.54 C57.71 3.67, 69.33 0.46, 81.89 0.29 C94.45 0.12, 115.34 5.01, 122.22 6.5 C129.11 8, 123.85 8.23, 123.21 9.25 M112.29 3.41 C123.21 5.49, 135.7 12.99, 144.24 19.4 C152.79 25.81, 159.6 33.79, 163.56 41.87 C167.52 49.94, 169.88 58.93, 168.01 67.86 C166.14 76.8, 159.5 87.88, 152.34 95.49 C145.18 103.11, 135.44 109.03, 125.05 113.56 C114.66 118.09, 102.01 121.84, 89.99 122.68 C77.98 123.52, 64.06 121.78, 52.98 118.61 C41.9 115.45, 31.85 110.42, 23.51 103.7 C15.17 96.98, 6.62 87.02, 2.95 78.3 C-0.73 69.57, -0.53 59.72, 1.48 51.34 C3.5 42.96, 8.57 35.27, 15.02 28.01 C21.47 20.75, 29.94 12.6, 40.18 7.78 C50.43 2.95, 64.43 -0.58, 76.49 -0.96 C88.55 -1.34, 106.54 4.25, 112.55 5.49 C118.56 6.74, 112.86 6.04, 112.56 6.51" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(221.61148834228516 291.66015625) rotate(0 74.51741790771484 34.25356684840517)"><text x="74.51741790771484" y="16.09460927650392" font-family="Virgil, Segoe UI Emoji" font-size="18.268568985816028px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">PR has not</text><text x="74.51741790771484" y="38.93032050877396" font-family="Virgil, Segoe UI Emoji" font-size="18.268568985816028px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">changed since</text><text x="74.51741790771484" y="61.76603174104399" font-family="Virgil, Segoe UI Emoji" font-size="18.268568985816028px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">'request-ci' label</text></g><g stroke-linecap="round" transform="translate(10 239.33984375) rotate(0 195.326171875 87.681640625)"><path d="M32 0 C144.1 0.52, 257.47 0.33, 358.65 0 M358.65 0 C379.26 1.4, 389.95 11.17, 390.65 32 M390.65 32 C391.81 59.14, 388.61 90.49, 390.65 143.36 M390.65 143.36 C391.44 164.66, 380.38 176.35, 358.65 175.36 M358.65 175.36 C285 176.21, 211.97 176.13, 32 175.36 M32 175.36 C11.98 173.94, -0.26 165.7, 0 143.36 M0 143.36 C0.36 112.14, -0.16 82.87, 0 32 M0 32 C-0.67 10.84, 10.49 0.76, 32 0" stroke="#1e1e1e" stroke-width="2.5" fill="none" stroke-dasharray="8 10"></path></g><g stroke-linecap="round"><g transform="translate(568.0625 155.4609375) rotate(0 -222.5234375 39.53125)"><path d="M0.08 1.02 C-74.12 14.07, -370.71 65.04, -444.77 78.06 M-1.34 0.51 C-75.71 13.7, -371.69 65.74, -445.57 79.07" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(568.0625 155.4609375) rotate(0 -222.5234375 39.53125)"><path d="M-446.23 79.38 L-435.24 70.23 L-430.48 81.45 L-445.02 78.68" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M-445.57 79.07 C-440.16 76.52, -438.58 74.27, -433.3 70.45 M-445.57 79.07 C-441.53 76.48, -437.83 73.24, -433.3 70.45 M-433.3 70.45 C-433.5 75.86, -431.89 79.73, -431.08 82.93 M-433.3 70.45 C-432.24 73.86, -432.49 77.72, -431.08 82.93 M-431.08 82.93 C-436.26 82.04, -441.51 79.22, -445.57 79.07 M-431.08 82.93 C-436.35 81.31, -441.07 79.77, -445.57 79.07 M-445.57 79.07 C-445.57 79.07, -445.57 79.07, -445.57 79.07 M-445.57 79.07 C-445.57 79.07, -445.57 79.07, -445.57 79.07" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g transform="translate(408.18597412109375 243.2578125) rotate(0 33.14996337890625 12.5)"><text x="33.14996337890625" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">if true</text></g><g stroke-linecap="round"><g transform="translate(405.78125 342.77734375) rotate(0 89.17578125 -3.474609375)"><path d="M-0.52 -0.17 C29.48 -1.36, 149.09 -5.6, 178.87 -6.74 M1.4 -1.3 C31.39 -2.91, 148.88 -8.02, 178.2 -8.75" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(405.78125 342.77734375) rotate(0 89.17578125 -3.474609375)"><path d="M176.41 -9.52 L165.63 -0.21 L163.55 -15.94 L177.34 -8.41" stroke="none" stroke-width="0" fill="#1e1e1e" fill-rule="evenodd"></path><path d="M178.2 -8.75 C175.27 -6.75, 173 -6.24, 164.84 -1.93 M178.2 -8.75 C174.32 -6.18, 170.78 -4, 164.84 -1.93 M164.84 -1.93 C164.29 -6.16, 163.56 -10.81, 164.39 -14.6 M164.84 -1.93 C164.55 -6.87, 164.8 -11.25, 164.39 -14.6 M164.39 -14.6 C169.55 -14.03, 172.01 -12.34, 178.2 -8.75 M164.39 -14.6 C168.91 -12.5, 173.84 -10.35, 178.2 -8.75 M178.2 -8.75 C178.2 -8.75, 178.2 -8.75, 178.2 -8.75 M178.2 -8.75 C178.2 -8.75, 178.2 -8.75, 178.2 -8.75" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g></g><mask></mask><g transform="translate(408.50792694091797 305.8359375) rotate(358.59508451210854 82.66394805908203 10)"><text x="82.66394805908203" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Fetch /PR_ID/HEAD</text></g><g stroke-linecap="round" transform="translate(578.30078125 237.9140625) rotate(0 84.8671875 95.875)"><path d="M32 0 C58.56 0.06, 84.43 1, 137.73 0 M137.73 0 C158.95 -0.99, 168.55 10.08, 169.73 32 M169.73 32 C170.04 72.44, 170.4 116.31, 169.73 159.75 M169.73 159.75 C169.31 182.8, 158.89 193.28, 137.73 191.75 M137.73 191.75 C100.99 189.12, 63.39 192.13, 32 191.75 M32 191.75 C9.45 190.46, 1.08 182.08, 0 159.75 M0 159.75 C0.42 123.45, 0.64 84.82, 0 32 M0 32 C1.36 11.65, 11.73 -1.6, 32 0" stroke="#1e1e1e" stroke-width="2.5" fill="none" stroke-dasharray="1.5 8"></path></g><g stroke-linecap="round" transform="translate(587.43359375 256.3671875) rotate(0 72.8984375 15)"><path d="M7.5 0 C49.11 0.37, 92.52 0.21, 138.3 0 M7.5 0 C58.2 1.24, 109.76 1.66, 138.3 0 M138.3 0 C143.99 -1.33, 146.96 3.5, 145.8 7.5 M138.3 0 C142.92 0.2, 147.85 4.72, 145.8 7.5 M145.8 7.5 C144.92 11.21, 144.77 17.41, 145.8 22.5 M145.8 7.5 C146.25 13.24, 145.08 17.4, 145.8 22.5 M145.8 22.5 C147.68 26.6, 141.41 31.7, 138.3 30 M145.8 22.5 C145.07 25.63, 143.6 30.71, 138.3 30 M138.3 30 C111.81 29.37, 82.98 28.66, 7.5 30 M138.3 30 C109.95 29.19, 80.97 29.79, 7.5 30 M7.5 30 C3.13 29.6, -1 26.04, 0 22.5 M7.5 30 C2.86 31.68, -1.7 27.84, 0 22.5 M0 22.5 C-1.14 19.01, 1.26 14.94, 0 7.5 M0 22.5 C-0.52 19.17, 0.24 15.5, 0 7.5 M0 7.5 C1.65 3.59, 4.43 1.59, 7.5 0 M0 7.5 C1.64 2.73, 4.51 2.27, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(616.732063293457 261.3671875) rotate(0 43.59996795654297 10)"><text x="43.59996795654297" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-1</text></g><g stroke-linecap="round" transform="translate(589.21875 296.35546875) rotate(0 72.8984375 15)"><path d="M7.5 0 C34.65 1.22, 66 -0.39, 138.3 0 M7.5 0 C57.94 0.63, 108.2 -0.7, 138.3 0 M138.3 0 C142.39 0.86, 147.05 2.02, 145.8 7.5 M138.3 0 C141.91 1.64, 145.21 2.12, 145.8 7.5 M145.8 7.5 C145.32 10.54, 145.49 14.41, 145.8 22.5 M145.8 7.5 C145.19 12.21, 145.69 17.8, 145.8 22.5 M145.8 22.5 C144 25.55, 144.79 31.57, 138.3 30 M145.8 22.5 C144.55 26.84, 143.12 28.61, 138.3 30 M138.3 30 C86.5 29.82, 36.04 30.97, 7.5 30 M138.3 30 C90.2 31.1, 44.25 30.78, 7.5 30 M7.5 30 C3.51 31.3, -0.83 29.01, 0 22.5 M7.5 30 C4.23 29.71, 1.95 29.34, 0 22.5 M0 22.5 C-0.05 17.5, -0.47 13.36, 0 7.5 M0 22.5 C-0.67 17.67, -0.5 14.21, 0 7.5 M0 7.5 C-0.84 0.53, 2.45 0.71, 7.5 0 M0 7.5 C2.08 1.53, 1.81 -0.36, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(614.9892196655273 301.35546875) rotate(0 47.127967834472656 10)"><text x="47.127967834472656" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-2</text></g><g stroke-linecap="round" transform="translate(590.30859375 336.4375) rotate(0 72.8984375 15)"><path d="M7.5 0 C39.98 0.36, 74.66 -2.1, 138.3 0 M7.5 0 C50.64 -0.07, 92 -0.02, 138.3 0 M138.3 0 C144.35 1.67, 145.59 3.93, 145.8 7.5 M138.3 0 C144.93 -0.6, 146.45 3.82, 145.8 7.5 M145.8 7.5 C145.66 10.73, 146.74 14.83, 145.8 22.5 M145.8 7.5 C146.52 10.39, 146.57 14.98, 145.8 22.5 M145.8 22.5 C145.47 28.11, 142.52 31.24, 138.3 30 M145.8 22.5 C143.91 27.1, 141.67 27.73, 138.3 30 M138.3 30 C91.54 27.8, 43.12 26.9, 7.5 30 M138.3 30 C88.1 29.08, 38.75 29.21, 7.5 30 M7.5 30 C3 28.17, 0.92 26.79, 0 22.5 M7.5 30 C0.97 30.64, 0.94 28.99, 0 22.5 M0 22.5 C0.87 18.69, 0.02 11.69, 0 7.5 M0 22.5 C0.32 16.27, -0.46 11.6, 0 7.5 M0 7.5 C0.95 1.86, 2.07 -0.68, 7.5 0 M0 7.5 C2.14 0.28, 3.82 -1.81, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(615.1990814208984 341.4375) rotate(0 48.00794982910156 10)"><text x="48.00794982910156" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-...</text></g><g stroke-linecap="round" transform="translate(591.70703125 381.16796875) rotate(0 72.8984375 15)"><path d="M7.5 0 C52.45 2.11, 97.5 0.85, 138.3 0 M7.5 0 C53.37 -1.09, 101.34 0.42, 138.3 0 M138.3 0 C144.68 1.65, 146.11 3.45, 145.8 7.5 M138.3 0 C145.4 -1.26, 146.44 3.42, 145.8 7.5 M145.8 7.5 C147.34 11.86, 146.39 14.99, 145.8 22.5 M145.8 7.5 C145.42 13.66, 145.92 19.87, 145.8 22.5 M145.8 22.5 C145.13 26.09, 143.62 31.49, 138.3 30 M145.8 22.5 C144.28 26.47, 144.58 29.29, 138.3 30 M138.3 30 C100.97 31.97, 63.44 30.5, 7.5 30 M138.3 30 C104.78 31.13, 70.77 30.78, 7.5 30 M7.5 30 C2.52 28.48, 1.41 28.04, 0 22.5 M7.5 30 C1.42 27.92, 0.5 27.88, 0 22.5 M0 22.5 C1.13 19.03, -0.99 14.69, 0 7.5 M0 22.5 C0.07 18.13, -0.47 13.49, 0 7.5 M0 7.5 C0.37 0.74, 3.95 1.05, 7.5 0 M0 7.5 C-0.73 3.13, 3.64 -1.24, 7.5 0" stroke="#1e1e1e" stroke-width="2" fill="none"></path></g><g transform="translate(618.0215072631836 386.16796875) rotate(0 46.583961486816406 10)"><text x="46.583961486816406" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">node-test-N</text></g><g transform="translate(600.2399749755859 196.42578125) rotate(0 64.09596252441406 20)"><text x="64.09596252441406" y="14.096" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Jenkins Test CI</text><text x="64.09596252441406" y="34.096000000000004" font-family="Virgil, Segoe UI Emoji" font-size="16px" fill="#1e1e1e" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Cluster</text></g></svg>
\ No newline at end of file

From 9ad38a2eb64ac2ac5a07bedce13cc593a8f5b560 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 18 Apr 2025 10:47:41 -0300
Subject: [PATCH 2/9] fixup! Blog: add update to Security CI incident

---
 .../vulnerability/march-2025-ci-incident.md   | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index ef8aba8298892..33e10c54961b2 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -1,14 +1,14 @@
 ---
-date: '2025-04-17T16:30:00.617Z'
+date: '2025-04-21T16:30:00.617Z'
 category: vulnerability
 title: Node.js Test CI Security Incident
 layout: blog-post
 author: Node.js Technical Steering Committee
 ---
 
-# _(Update 16-April-2025)_ Node.js Test CI Security Incident – Full Disclosure
+# _(Update 21-April-2025)_ Node.js Test CI Security Incident – Full Disclosure
 
-## **Summary**
+## Summary
 
 On March 21, 2025, we received a [security report via HackerOne](https://hackerone.com/reports/3050534) (link restricted at time of writing), detailing a successful compromise of several Node.js test CI hosts.
 
@@ -28,7 +28,7 @@ The core issue stems from a Time-of-Check-Time-of-Use (TOCTOU) vulnerability bet
 
 ![Example of attack in the Node.js test infra][example_attack_test_Infra]
 
-## **Remediation**
+## Remediation
 
 In response to this security incident, the Node.js security team took measures to mitigate risks and secure the infrastructure.
 
@@ -42,25 +42,25 @@ In response to this security incident, the Node.js security team took measures t
 These targeted actions significantly strengthened the security posture of our CI infrastructure, preventing the recurrence of similar potential
 intrusions and ensuring safe operations moving forward.
 
-## **Timeline**
+## Timeline
 
-- **Friday, 21 March 2025**: Report received on Hackerone. Initial triage confirmed the report as a genuine issue. The ability to start new Jenkins CI runs was restricted to prevent any further machine compromises.
-- **Monday, 24 March 2025:** All compromised machines (totalling 24\) were identified and removed from Jenkins (pending a complete rebuild). Initial attempts to evaluate all 140 jobs defined in our Jenkins instance for vulnerability. Work started on updating the most often used vulnerable jobs to take an expected commit SHA and only proceed if the SHA of the code checked out on the machine matches.
-- **Tuesday, 25 March 2025:** Some affected hosts rebuilt. The updated jobs failed on macOS and were investigated and updated again.
-- **Wednesday, 26 March 2025**: More jobs updated and affected hosts rebuilt. Some GitHub workflows also identified as being vulnerable to similar attacks and disabled.
-- **Thursday, 27 March 2025**: Validation logic in the updated jobs tweaked again to allow daily testing on non-pull request branches. Decision taken to disable all remaining jobs that had not been evaluated for the vulnerability or identified as needing the fix applied. More machines rebuilt.
-- **Friday 28 March 2025:** Ability to start jobs on Jenkins was reenabled for Node.js collaborators. Some lesser used jobs are still disabled. GitHub workflows patched and re-enabled.
-- **Wednesday, 2 April 2025**: More machines rebuilt.
-- **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
+1. **Friday, 21 March 2025**: Report received on Hackerone. Initial triage confirmed the report as a genuine issue. The ability to start new Jenkins CI runs was restricted to prevent any further machine compromises.
+2. **Monday, 24 March 2025:** All compromised machines (totalling 24\) were identified and removed from Jenkins (pending a complete rebuild). Initial attempts to evaluate all 140 jobs defined in our Jenkins instance for vulnerability. Work started on updating the most often used vulnerable jobs to take an expected commit SHA and only proceed if the SHA of the code checked out on the machine matches.
+3. **Tuesday, 25 March 2025:** Some affected hosts rebuilt. The updated jobs failed on macOS and were investigated and updated again.
+4. **Wednesday, 26 March 2025**: More jobs updated and affected hosts rebuilt. Some GitHub workflows also identified as being vulnerable to similar attacks and disabled.
+5. **Thursday, 27 March 2025**: Validation logic in the updated jobs tweaked again to allow daily testing on non-pull request branches. Decision taken to disable all remaining jobs that had not been evaluated for the vulnerability or identified as needing the fix applied. More machines rebuilt.
+6. **Friday, 28 March 2025:** Ability to start jobs on Jenkins was reenabled for Node.js collaborators. Some lesser used jobs are still disabled. GitHub workflows patched and re-enabled.
+7. **Wednesday, 2 April 2025**: More machines rebuilt.
+8. **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
 
-## **Security vs. Developer Experience**
+## Security vs. Developer Experience
 
-Over 100 volunteers maintain the Node.js project. Our processes aim to streamline CI initiation and verification of contributions across approximately 100 Jenkins runners spanning multiple operating systems and CPU architectures.
+Over 300 volunteers maintain the Node.js project. Our processes aim to streamline CI initiation and verification of contributions across approximately 100 Jenkins runners spanning multiple operating systems and CPU architectures.
 The existing CI system design anticipates potential compromises, recognizing the need to balance security with developer convenience.
 
-## **Volunteer Organization**
+## Volunteer Organization
 
-As a volunteer-driven organization, such security incidents significantly disrupt our operational capabilities. We **strongly** **recommend** that security researchers **avoid** unauthorized attempts to breach our systems. Instead, please coordinate responsibly through our official HackerOne program.
+As a volunteer-driven organization, such security incidents significantly disrupt our operational capabilities. We **strongly recommend** that security researchers **avoid** unauthorized attempts to breach our systems. Instead, please coordinate responsibly through our official HackerOne program.
 
 ---
 

From 2d7443794c43577a79e7ba1c62e0531e31ced680 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 18 Apr 2025 10:50:07 -0300
Subject: [PATCH 3/9] fixup! fixup! Blog: add update to Security CI incident

---
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index 33e10c54961b2..56f93c2963eb5 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -42,6 +42,8 @@ In response to this security incident, the Node.js security team took measures t
 These targeted actions significantly strengthened the security posture of our CI infrastructure, preventing the recurrence of similar potential
 intrusions and ensuring safe operations moving forward.
 
+The change we implemented now requires every pull request to be approved before running the Jenkins CI - or for collaborators to specify the individual SHA.
+
 ## Timeline
 
 1. **Friday, 21 March 2025**: Report received on Hackerone. Initial triage confirmed the report as a genuine issue. The ability to start new Jenkins CI runs was restricted to prevent any further machine compromises.

From 10547a97523d291e64684daf69c2234778a8be09 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Tue, 22 Apr 2025 03:20:02 -0700
Subject: [PATCH 4/9] Update
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md

Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
Signed-off-by: Matteo Collina <matteo.collina@gmail.com>
---
 .../site/pages/en/blog/vulnerability/march-2025-ci-incident.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index 56f93c2963eb5..6851a26f28a22 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -51,7 +51,8 @@ The change we implemented now requires every pull request to be approved before
 3. **Tuesday, 25 March 2025:** Some affected hosts rebuilt. The updated jobs failed on macOS and were investigated and updated again.
 4. **Wednesday, 26 March 2025**: More jobs updated and affected hosts rebuilt. Some GitHub workflows also identified as being vulnerable to similar attacks and disabled.
 5. **Thursday, 27 March 2025**: Validation logic in the updated jobs tweaked again to allow daily testing on non-pull request branches. Decision taken to disable all remaining jobs that had not been evaluated for the vulnerability or identified as needing the fix applied. More machines rebuilt.
-6. **Friday, 28 March 2025:** Ability to start jobs on Jenkins was reenabled for Node.js collaborators. Some lesser used jobs are still disabled. GitHub workflows patched and re-enabled.
+6. **Friday, 28 March 2025:** GitHub workflows were patched and `commit-queue` was re-enabled.
+7. **Tuesday, 1 April 2025:** Ability to start jobs on Jenkins was reenabled for Node.js collaborators. Some lesser used jobs are still disabled.
 7. **Wednesday, 2 April 2025**: More machines rebuilt.
 8. **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
 

From 6375469905ef106732401f1ac5c6f46463dfbcb5 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Tue, 22 Apr 2025 07:18:11 -0700
Subject: [PATCH 5/9] Update
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md

Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
Signed-off-by: Matteo Collina <matteo.collina@gmail.com>
---
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index 6851a26f28a22..c41b8257345c3 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -52,7 +52,7 @@ The change we implemented now requires every pull request to be approved before
 4. **Wednesday, 26 March 2025**: More jobs updated and affected hosts rebuilt. Some GitHub workflows also identified as being vulnerable to similar attacks and disabled.
 5. **Thursday, 27 March 2025**: Validation logic in the updated jobs tweaked again to allow daily testing on non-pull request branches. Decision taken to disable all remaining jobs that had not been evaluated for the vulnerability or identified as needing the fix applied. More machines rebuilt.
 6. **Friday, 28 March 2025:** GitHub workflows were patched and `commit-queue` was re-enabled.
-7. **Tuesday, 1 April 2025:** Ability to start jobs on Jenkins was reenabled for Node.js collaborators. Some lesser used jobs are still disabled.
+7. **Tuesday, 1 April 2025:** Ability to start jobs on Jenkins and via `request-ci` was reenabled. Some lesser used jobs were still disabled.
 7. **Wednesday, 2 April 2025**: More machines rebuilt.
 8. **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
 

From 1112eb4f8308d0a5c960b6b3b5a5c0e80f67a3db Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Tue, 22 Apr 2025 21:42:46 +0200
Subject: [PATCH 6/9] Update
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md

Signed-off-by: Matteo Collina <matteo.collina@gmail.com>
---
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index c41b8257345c3..308800607ec91 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -63,7 +63,7 @@ The existing CI system design anticipates potential compromises, recognizing the
 
 ## Volunteer Organization
 
-As a volunteer-driven organization, such security incidents significantly disrupt our operational capabilities. We **strongly recommend** that security researchers **avoid** unauthorized attempts to breach our systems. Instead, please coordinate responsibly through our official HackerOne program.
+As a volunteer-driven organization, we rely on people dedicating their time to work on unglamorous tasks, such as hardening CI, handling security reports, and assembling releases. Even good-faith research against our live systems could significantly disrupt our operations. As always, we welcome all sorts of contributions, including penetration testing. We ask researchers to give us a heads up on what they are attempting to do on live systems and to keep an auditable record of their actions through our HackerOne program or by contacting the Node.js Technical Steering Committee directly (tsc@iojs.org). More on that in our [SECURITY.md](https://github.com/nodejs/node/blob/main/SECURITY.md) file.
 
 ---
 

From 2348bca3c5040ebabf9a3525052c3361045d2546 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Wed, 23 Apr 2025 06:50:39 -0700
Subject: [PATCH 7/9] Update
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md

Signed-off-by: Matteo Collina <matteo.collina@gmail.com>
---
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index 308800607ec91..ee83d6d01b548 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -1,5 +1,5 @@
 ---
-date: '2025-04-21T16:30:00.617Z'
+date: '2025-04-23T16:30:00.617Z'
 category: vulnerability
 title: Node.js Test CI Security Incident
 layout: blog-post

From 336e39d9bf69ba4c595af19c46b0fe365b62a9c8 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Wed, 23 Apr 2025 06:50:56 -0700
Subject: [PATCH 8/9] Update
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md

Signed-off-by: Matteo Collina <matteo.collina@gmail.com>
---
 apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index ee83d6d01b548..3e4d7e7f0d190 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -6,7 +6,7 @@ layout: blog-post
 author: Node.js Technical Steering Committee
 ---
 
-# _(Update 21-April-2025)_ Node.js Test CI Security Incident – Full Disclosure
+# _(Update 23-April-2025)_ Node.js Test CI Security Incident – Full Disclosure
 
 ## Summary
 

From 4ba20dee5f82fdf552b65a29a21009cbe06176da Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Wed, 23 Apr 2025 16:24:34 +0200
Subject: [PATCH 9/9] fixup

Signed-off-by: Matteo Collina <hello@matteocollina.com>
---
 .../pages/en/blog/vulnerability/march-2025-ci-incident.md     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
index 3e4d7e7f0d190..12c13318ddce2 100644
--- a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
+++ b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -53,8 +53,8 @@ The change we implemented now requires every pull request to be approved before
 5. **Thursday, 27 March 2025**: Validation logic in the updated jobs tweaked again to allow daily testing on non-pull request branches. Decision taken to disable all remaining jobs that had not been evaluated for the vulnerability or identified as needing the fix applied. More machines rebuilt.
 6. **Friday, 28 March 2025:** GitHub workflows were patched and `commit-queue` was re-enabled.
 7. **Tuesday, 1 April 2025:** Ability to start jobs on Jenkins and via `request-ci` was reenabled. Some lesser used jobs were still disabled.
-7. **Wednesday, 2 April 2025**: More machines rebuilt.
-8. **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
+8. **Wednesday, 2 April 2025**: More machines rebuilt.
+9. **Thursday, 3 April 2025**: Benchmarking and libuv CI jobs updated.
 
 ## Security vs. Developer Experience