11/18/25 release branch (#3770)

* #3764 Add News article @ 10/29/25 Board meeting minutes

* #3765 Update Working Groups page

* #3769 Add blog @ videos from "CVE Program Technical Workshop 2025"

* #3766 Add 1 Blog  + Update Events page @ "VulnCon 2026" call for papers deadline

* #3767 Update 3 CNA's info + Move 1 CNA to "Inactive Status"

* #3767 Move 1 CNA to Inactive status

* #3769 Add Meeting Notes PDF for CVE Program Technical Workshop 2025"

* boardMeetings: add 10/29 board meeting summary

* npm update on 11/18/2025

---------

Co-authored-by: Roy Lane <rlane@mitre.org>

Author: rroberge

package-lock.json

@@ -22,7 +22,7 @@
     "@fortawesome/free-solid-svg-icons": "^6.7.2",
     "@fortawesome/vue-fontawesome": "^3.1.2",
     "@unhead/vue": "^1.11.20",
-    "axios": "^1.13.1",
+    "axios": "^1.13.2",
     "bulma": "^0.9.4",
     "bulma-timeline": "^3.0.5",
     "leaflet": "^1.9.4",
@@ -35,16 +35,16 @@
     "vue-router": "^4.6.3"
   },
   "devDependencies": {
-    "@rushstack/eslint-patch": "^1.14.1",
-    "@tsconfig/node18": "^18.2.4",
+    "@rushstack/eslint-patch": "^1.15.0",
+    "@tsconfig/node18": "^18.2.6",
     "@types/lodash": "^4.17.20",
     "@types/node": "^18.19.130",
     "@vitejs/plugin-vue": "^5.2.4",
     "@vitejs/plugin-vue-jsx": "^4.2.0",
     "@vue/eslint-config-prettier": "^10.2.0",
     "@vue/eslint-config-typescript": "^14.6.0",
     "@vue/tsconfig": "^0.5.1",
-    "eslint": "^9.39.0",
+    "eslint": "^9.39.1",
     "eslint-plugin-vue": "^10.5.1",
     "npm-run-all2": "^6.2.6",
     "prettier": "^3.6.2",

package.json

@@ -1858,63 +1858,6 @@
     },
     "country": "USA"
   },
-  {
-    "shortName": "DeepSurface",
-    "cnaID": "CNA-2021-0010",
-    "organizationName": "DeepSurface Security, Inc.",
-    "scope": "All DeepSurface products, as well as vulnerabilities in third-party software discovered by DeepSurface that are not in another CNA’s scope.",
-    "contact": [
-      {
-        "email": [
-          {
-            "label": "Email",
-            "emailAddr": "security@deepsurface.com"
-          }
-        ],
-        "contact": [],
-        "form": []
-      }
-    ],
-    "disclosurePolicy": [
-      {
-        "label": "Policy",
-        "language": "",
-        "url": "https://deepsurface.com/vulnerability-disclosure-policy/"
-      }
-    ],
-    "securityAdvisories": {
-      "alerts": [],
-      "advisories": [
-        {
-          "label": "Advisories",
-          "url": "https://deepsurface.com/tag/blog/"
-        }
-      ]
-    },
-    "resources": [],
-    "CNA": {
-      "isRoot": false,
-      "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
-      },
-      "type": [
-        "Vendor",
-        "Researcher"
-      ],
-      "TLR": {
-        "shortName": "mitre",
-        "organizationName": "MITRE Corporation"
-      },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
-      ]
-    },
-    "country": "USA"
-  },
   {
     "shortName": "dell",
     "cnaID": "CNA-2011-0004",
@@ -12007,7 +11950,7 @@
         "email": [
           {
             "label": "Email",
-            "emailAddr": "GEV.PSIRT@ge.com"
+            "emailAddr": "GEV.PSIRT@gevernova.com"
           }
         ],
         "contact": [],
@@ -25577,7 +25520,7 @@
     "shortName": "EEF",
     "cnaID": "CNA-2025-0023",
     "organizationName": "Erlang Ecosystem Foundation",
-    "scope": "Vulnerabilities in active packages hosted on <a href='https://hex.pm/' target='_blank'>Hex.pm</a>, and in active projects hosted under the GitHub organizations <a href='https://github.com/elixir-lang' target='_blank'>@elixir-lang</a>, <a href='https://github.com/erlang' target='_blank'>@erlang</a>, <a href='https://github.com/erlef-cna' target='_blank'>@erlef-cna</a>, <a href='https://github.com/erlef' target='_blank'>@erlef</a>, <a href='https://github.com/gleam-lang' target='_blank'>@gleam-lang</a>, <a href='https://github.com/hexpm' target='_blank'>@hexpm</a>, <a href='https://github.com/nerves-hub'>@nerves-hub</a>, <a href='https://github.com/nerves-project'>@nerves-project</a>, and <a href='https://github.com/OpenRiak'>@OpenRiak</a> unless covered by the scope of another CNA.<p>The addition of the Nerves Hub, Nerves Project, and OpenRiak organizations reflects their critical role in the BEAM ecosystem. These projects distribute software through mechanisms other than <a href='https://hex.pm/' target='_blank'>Hex.pm</a> and are therefore not currently covered under our existing scope.</p>",
+    "scope": "Vulnerabilities in active packages hosted on <a href='https://hex.pm/' target='_blank'>Hex.pm</a>, and in active projects hosted under the GitHub organizations <a href='https://github.com/elixir-lang' target='_blank'>@elixir-lang</a>, <a href='https://github.com/erlang' target='_blank'>@erlang</a>, <a href='https://github.com/erlef-cna' target='_blank'>@erlef-cna</a>, <a href='https://github.com/erlef' target='_blank'>@erlef</a>, <a href='https://github.com/gleam-lang' target='_blank'>@gleam-lang</a>, <a href='https://github.com/hexpm' target='_blank'>@hexpm</a>, <a href='https://github.com/nerves-hub'>@nerves-hub</a>, <a href='https://github.com/nerves-project'>@nerves-project</a>, and <a href='https://github.com/OpenRiak'>@OpenRiak</a> unless covered by the scope of another CNA.",
     "contact": [
       {
         "email": [
@@ -27412,11 +27355,11 @@
       "alerts": [],
       "advisories": [
         {
-          "label": "Arc",
+          "label": "Arc Security Bulletins",
           "url": "https://arc.net/security/bulletins"
         },
         {
-          "label": "Dia",
+          "label": "Dia Security Bulletins",
           "url": "https://diabrowser.com/security/bulletins"
         }
       ]

src/assets/data/CNAsList.json

@@ -1,5 +1,9 @@
 {
   "2025": [
+    {
+      "name": "October 29, 2025 - teleconference",
+      "path": "msg00303.html"
+    },
     {
       "name": "October 15, 2025 - teleconference",
       "path": "msg00301.html"

src/assets/data/boardMeetings.json

@@ -4,7 +4,7 @@
       "id": 41,
       "title": "CVE Program Technical Workshop – Autumn 2025",
       "location": "Virtual",
-      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT (UTC-4) both days.<br/><br/>This workshop for <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> is free, but registration is required. The registration deadline is 11:59 p.m. EDT (UTC-4) on October 21, 2025.<br/><br/>Please refer to the CNA partners email announcement sent on October 9, 2025, for registration information and other workshop details. The final agenda will be sent directly to registered attendees.<br/><br/>All CNAs should attend this workshop. There is no limit on the number of attendees that can participate from your organization.",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT (UTC-4) both days.<br/><br/>This workshop for <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> is free, but registration is required. The registration deadline is 11:59 p.m. EDT (UTC-4) on October 21, 2025.<br/><br/>Please refer to the CNA partners email announcement sent on October 9, 2025, for registration information and other workshop details. The final agenda will be sent directly to registered attendees.<br/><br/>All CNAs should attend this workshop. There is no limit on the number of attendees that can participate from your organization.<br/><br/>View <a href='https://www.youtube.com/playlist?list=PLWfD9RQVdJ6dT8VZntG-DsK7c34rNNMMv' target='_blank'>workshop videos</a>.",
       "permission": "private",
       "url": "/Media/News/item/news/2025/10/14/Register-Now-for-CVE-Technical-Workshop-2025",
       "date": {
@@ -62,7 +62,7 @@
       "id": 37,
       "title": "CVE/FIRST VulnCon 2026",
       "location": "Scottsdale, Arizona, USA & Virtual",
-      "description": "EARLY REGISTRATION NOW OPEN!<br/><br/>VulnCon is co-hosted by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/conference/vulncon26/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>Call for Papers</strong>:<br/>Opens on November 5, 2025.<br/><br/><strong>Early Registration</strong>:<br/>Both virtual and in-person early registration are now open on the VulnCon 2026 <a href='https://www.first.org/conference/vulncon26/registration#Registration-Information' target='_blank'>conference registration page</a> hosted on the FIRST website. <ul><li>Standard Admission (by March 14, 2026): US $525.00</li><li>Late Rate Admission (after March 14, 2026): US $600.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include full admission to conference activities Monday through Thursday; continental breakfast, lunch, and two coffee breaks Tuesday through Thursday; entry to the Monday welcome reception; entry to the Tuesday networking reception; entry to the vendor hall; all applicable conference materials;, and access to live streams and applicable apps.</br></br>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $30.00.<br/><br/>Discounted rates are not being offered for this event regardless of membership status. Sponsors and speakers should see the FIRST Events Office for their specific registration packages and instructions.<br/><br/><strong>Program Overview</strong>:<br/><br/>* <strong>Monday, April 13, 2026 | Pre-conference Day</strong><br/>09:00-17:30 - Various Workshops, International Coordinators Summit, Early Registration, Vendor Table Setup<br/>18:00-19:00 - Welcome Reception for Early Arrivals<br/><br/>* <strong>Tuesday, April 14, 2026 | Conference Opening Day</strong><br/>08:30-17:30 - Conference Sessions<br/>17:30-19:30 - Opening Reception with Vendors<br/><br/>* <strong>Wednesday, April 15, 2026 | Conference Day 2</strong><br/>09:00-17:30 - Conference Sessions, Vendor Move-out in the Afternoon<br/>19:00-21:00 - Tentative Off-site Social Event (separate ticket purchase required)<br/><br/>* <strong>Thursday, April 16, 2026 | Conference Day 3 and Close</strong><br/>09:00-15:00 - Conference Sessions<br/><br/><strong>Purpose:</strong><br/>The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
+      "description": "EARLY REGISTRATION NOW OPEN!<br/><br/>VulnCon is co-hosted by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/conference/vulncon26/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>Call for Papers</strong>:<br/>Open! Closes on December 22, 2025.<br/><br/><strong>Early Registration</strong>:<br/>Both virtual and in-person early registration are now open on the VulnCon 2026 <a href='https://www.first.org/conference/vulncon26/registration#Registration-Information' target='_blank'>conference registration page</a> hosted on the FIRST website. <ul><li>Standard Admission (by March 14, 2026): US $525.00</li><li>Late Rate Admission (after March 14, 2026): US $600.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include full admission to conference activities Monday through Thursday; continental breakfast, lunch, and two coffee breaks Tuesday through Thursday; entry to the Monday welcome reception; entry to the Tuesday networking reception; entry to the vendor hall; all applicable conference materials;, and access to live streams and applicable apps.</br></br>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $30.00.<br/><br/>Discounted rates are not being offered for this event regardless of membership status. Sponsors and speakers should see the FIRST Events Office for their specific registration packages and instructions.<br/><br/><strong>Program Overview</strong>:<br/><br/>* <strong>Monday, April 13, 2026 | Pre-conference Day</strong><br/>09:00-17:30 - Various Workshops, International Coordinators Summit, Early Registration, Vendor Table Setup<br/>18:00-19:00 - Welcome Reception for Early Arrivals<br/><br/>* <strong>Tuesday, April 14, 2026 | Conference Opening Day</strong><br/>08:30-17:30 - Conference Sessions<br/>17:30-19:30 - Opening Reception with Vendors<br/><br/>* <strong>Wednesday, April 15, 2026 | Conference Day 2</strong><br/>09:00-17:30 - Conference Sessions, Vendor Move-out in the Afternoon<br/>19:00-21:00 - Tentative Off-site Social Event (separate ticket purchase required)<br/><br/>* <strong>Thursday, April 16, 2026 | Conference Day 3 and Close</strong><br/>09:00-15:00 - Conference Sessions<br/><br/><strong>Purpose:</strong><br/>The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
       "permission": "public",
       "url": "https://www.first.org/conference/vulncon26/",
       "date": {
@@ -104,7 +104,7 @@
       "id": 34,
       "title": "CVE Program Workshop – Autumn 2024",
       "location": "Virtual",
-      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics and other workshop details.",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics and other workshop details.<br/><br/>View <a href='https://www.youtube.com/playlist?list=PLWfD9RQVdJ6c4D_PAvO9hgtQSDTD2epOo' target='_blank'>workshop videos</a>.",
       "permission": "private",
       "url": "",
       "date": {