NOUIY · pull · Nov 6, 2023 · Nov 5, 2023 · Nov 5, 2023 · Nov 6, 2023
diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml
@@ -29,7 +29,9 @@ permissions:
 jobs:
   lighthouse-ci:
     # We want to skip our lighthouse analysis on Dependabot PRs
-    if: startsWith(github.event.pull_request.head.ref, 'dependabot/') == false
+    if: |
+      startsWith(github.event.pull_request.head.ref, 'dependabot/') == false &&
+      github.event.label.name == 'github_actions:pull-request'
 
     name: Lighthouse Report
     runs-on: ubuntu-latest

diff --git a/pages/en/about/security-reporting.md → pages/en/about/security-reporting.mdx b/pages/en/about/security-reporting.md → pages/en/about/security-reporting.mdx
@@ -75,6 +75,14 @@
 
 ## OpenSSF Best Practices
 
-<a href="https://bestpractices.coreinfrastructure.org/projects/29" style="display: inline-flex;"><img src="https://bestpractices.coreinfrastructure.org/projects/29/badge" style="display: inline;"></a>
+<a
+  href="https://bestpractices.coreinfrastructure.org/projects/29"
+  style={{ display: 'inline-flex' }}
+>
+  <img
+    src="https://bestpractices.coreinfrastructure.org/projects/29/badge"
+    style={{ display: 'inline' }}
+  />
+</a>
 
 The Open Source Security Foundation (OpenSSF) [Best Practices badge](https://github.com/coreinfrastructure/best-practices-badge) is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify how they follow each best practice. Consumers of the badge can quickly assess which FLOSS projects are following best practices and as a result are more likely to produce higher-quality secure software.
diff --git a/pages/en/blog/release/v20.6.0.md b/pages/en/blog/release/v20.6.0.md
@@ -43,7 +43,7 @@ node --import ./file-that-calls-register.js ./app.js
 
 Using `--import` ensures that the customization hooks are registered before any application code runs, even the entry point.
 
-This feature was contributed by Izaak Schroeder in <https://github.com/nodejs/node/pull/48842> and <https://github.com/nodejs/node/pull/48559>
+This feature was contributed by João Lenon and Jacob Smith in <https://github.com/nodejs/node/pull/46826>, Izaak Schroeder and Jacob Smith in <https://github.com/nodejs/node/pull/48842> and <https://github.com/nodejs/node/pull/48559>
 
 #### Module customization `load` hook can now support CommonJS
 

diff --git a/pages/en/blog/vulnerability/october-2023-security-releases.md b/pages/en/blog/vulnerability/october-2023-security-releases.md
@@ -11,7 +11,7 @@ author: Rafael Gonzaga
 Updates are now available for the v18.x and v20.x Node.js release lines for the
 following issues.
 
-## undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (High) - (CVE-2023-45143)
+## undici - Cookie headers are not cleared in cross-domain redirect in undici-fetch (Low) - (CVE-2023-45143)
 
 Undici did not always clear Cookie headers on cross-origin redirects. By design, cookie headers are [forbidden request headers](https://fetch.spec.whatwg.org/#forbidden-request-header), disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch.