From 62aa190c0195b8ed6641bf4bcdcf4c939ab60204 Mon Sep 17 00:00:00 2001
From: Michael Dawson <mdawson@devrus.com>
Date: Fri, 7 Jan 2022 10:41:45 -0500
Subject: [PATCH] doc: add guidance on order vulns are listed in
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: https://github.com/nodejs/node/pull/41429
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
---
 doc/guides/security-release-process.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/guides/security-release-process.md b/doc/guides/security-release-process.md
index 3a691d4f75eb54..7fbf68152dd125 100644
--- a/doc/guides/security-release-process.md
+++ b/doc/guides/security-release-process.md
@@ -21,6 +21,7 @@ information described.
     the date in the slug so that it will move to the top of the blog list.)
   * [ ] pre-release: _**LINK TO PR**_
   * [ ] post-release: _**LINK TO PR**_
+    * List vulnerabilities in order of descending severity
     * Ask the HackerOne reporter if they would like to be credited on the
       security release blog page:
       ```text