Docs: Add security policy #2908

Merged
merged 2 commits into from
Jul 31, 2023

qwerty541
Collaborator

@qwerty541 qwerty541 requested a review from rickstaa July 2, 2023 22:00
@vercel

vercel bot commented Jul 2, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| github-readme-stats | ✅ Ready (Inspect) | Visit Preview | Jul 15, 2023 5:03pm |

@codecov

codecov bot commented Jul 2, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (4eb01d8) 97.62% compared to head (d51561d) 97.62%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2908   +/-   ##
=======================================
  Coverage   97.62%   97.62%           
=======================================
  Files          24       24           
  Lines        5175     5175           
  Branches      460      460           
=======================================
  Hits         5052     5052           
  Misses        122      122           
  Partials        1        1           


Report security vulnerabilities by emailing the GitHub Readme Stats team at:

```
[email protected]
```
Collaborator

@rickstaa rickstaa Jul 3, 2023

Although having a security policy is a nice addition, and I understand why in high-stakes projects, security issues are communicated in private over email, I think for this project, it is enough to report security issues under https://github.com/anuraghazra/github-readme-stats/issues. However, if @anuraghazra is okay with having his email here, I'm okay with the merge.

Collaborator Author

I suggest this email because it was already published inside CODE_OF_CONDUCT.md, see: https://github.com/anuraghazra/github-readme-stats/blob/master/CODE_OF_CONDUCT.md#enforcement

But maybe it's really better to wait for @anuraghazra's approval.

Collaborator

I asked @anuraghazra to review this. Just to be sure 👍🏻.

Collaborator Author

@rickstaa Alternatively, we can create a separate mailbox with shared access between all GRS team members. Maybe that would be better, because Anurag or any other member can be busy at work and unable to attend to a vulnerability report promptly. What do you think?

Collaborator

@qwerty541 Given that @anuraghazra published the email himself (I checked the commit log), I think merging this is fine. @anuraghazra can always change or remove the email later 👍🏻.

@rickstaa rickstaa requested a review from anuraghazra July 3, 2023 06:52
@qwerty541 qwerty541 linked an issue Jul 3, 2023 that may be closed by this pull request
@qwerty541 qwerty541 marked this pull request as ready for review July 4, 2023 22:34
@rickstaa rickstaa merged commit 64a6481 into master Jul 31, 2023
@rickstaa rickstaa deleted the docs_add_security_policy branch July 31, 2023 06:09
phamleduy04 pushed a commit to phamleduy04/github-readme-stats that referenced this pull request Aug 5, 2023
* Refactor: Wakatime card: Add missing return statements for helper functions (anuraghazra#2998)

* Refactor: Wakatime card: Add missing return statements for helper functions

* dev

* Refactor: Repo card: Fixed type error in iconWithLabel function (anuraghazra#2999)

* Refactor: Improve docstring for lowercaseTrim utils function (anuraghazra#3002)

* Refactor: Improve docstring for dateDiff utils function (anuraghazra#3001)

* CI: skx/github-action-tester dependency pinned by hash (anuraghazra#3014)

* Refactor: Fix MissingParamError class constructor docstring (anuraghazra#3012)

* Refactor: Fix docstring for getCardColors utils function (anuraghazra#3011)

* I10n: Add partially-missing Uzbek translations (anuraghazra#3018)

* Stats card: Add Uzbek to long languages (anuraghazra#3019)

* Docs: Add security policy (anuraghazra#2908)

* Build(deps-dev): Bump jest from 29.6.1 to 29.6.2 (anuraghazra#3026)

Bumps [jest](https://github.com/facebook/jest/tree/HEAD/packages/jest) from 29.6.1 to 29.6.2.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v29.6.2/packages/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandr <[email protected]>

* Build(deps-dev): Bump eslint from 8.45.0 to 8.46.0 (anuraghazra#3025)

Bumps [eslint](https://github.com/eslint/eslint) from 8.45.0 to 8.46.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.45.0...v8.46.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandr <[email protected]>

* Build(deps-dev): Bump eslint-config-prettier from 8.8.0 to 8.9.0 (anuraghazra#3027)

Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 8.8.0 to 8.9.0.
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-config-prettier@v8.8.0...v8.9.0)

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps-dev): Bump jest-environment-jsdom from 29.6.1 to 29.6.2 (anuraghazra#3024)

Bumps [jest-environment-jsdom](https://github.com/facebook/jest/tree/HEAD/packages/jest-environment-jsdom) from 29.6.1 to 29.6.2.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v29.6.2/packages/jest-environment-jsdom)

---
updated-dependencies:
- dependency-name: jest-environment-jsdom
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps): Bump rickstaa/top-issues-action from 1.3.29 to 1.3.32 (anuraghazra#3023)

Bumps [rickstaa/top-issues-action](https://github.com/rickstaa/top-issues-action) from 1.3.29 to 1.3.32.
- [Release notes](https://github.com/rickstaa/top-issues-action/releases)
- [Commits](rickstaa/top-issues-action@f31962c...c66e5d5)

---
updated-dependencies:
- dependency-name: rickstaa/top-issues-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps): Bump github/codeql-action from 2.21.0 to 2.21.2 (anuraghazra#3022)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.0 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@1813ca7...0ba4244)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps): Bump rickstaa/empty-issues-closer-action (anuraghazra#3021)

Bumps [rickstaa/empty-issues-closer-action](https://github.com/rickstaa/empty-issues-closer-action) from 1.1.0 to 1.1.2.
- [Release notes](https://github.com/rickstaa/empty-issues-closer-action/releases)
- [Commits](rickstaa/empty-issues-closer-action@773bc31...09d48db)

---
updated-dependencies:
- dependency-name: rickstaa/empty-issues-closer-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* CI: Fix theme preview workflow (anuraghazra#3017)

* Refactor: Fix docstring for rankIcon function (anuraghazra#3029)

* CI: Add SECURITY.md to pull requests labeler (anuraghazra#3030)

* Refactor: Wakatime card: Add missing returns statement for createTextNode function (anuraghazra#3032)

* Refactor: Wakatime card: Use @typedef to resolve eslint errors (anuraghazra#3033)

* CI: Fix theme preview workflow (Attempt 2) (anuraghazra#3034)

* Themes: Add test AI-generated themes to check preview workflow (anuraghazra#3028)

* Themes: Add test theme to check preview workflow

* dev

* dev

* dev

* docs(theme): Auto update theme readme (anuraghazra#3038)

Co-authored-by: GitHub Readme Stats Bot <[email protected]>

* Refactor: Wakatime card: Use typedef tags to resolve eslint errors (anuraghazra#3037)

* Refactor: Top langs card: Fix returns tag in docstrings (anuraghazra#3036)

* Refactor: Stats card: Use typedef tags to resolve eslint errors (anuraghazra#3039)

* Refactor: Top langs card: Use typedef tags to resolve eslint errors (anuraghazra#3040)

* Refactor: Repo card: Use typedef tags inside data fetcher to resolve eslint errors (anuraghazra#3043)

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Alexandr Garbuzov <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Readme Stats Bot <[email protected]>
devantler pushed a commit to devantler/github-readme-stats that referenced this pull request Sep 24, 2023
ABA2396 pushed a commit to ABA2396/github-readme-stats that referenced this pull request Dec 22, 2023
ABA2396 pushed a commit to ABA2396/github-readme-stats that referenced this pull request Dec 22, 2023
setdebarr pushed a commit to setdebarr/github-readme-stats that referenced this pull request Jan 12, 2024
jacobbexten pushed a commit to jacobbexten/github-readme-stats that referenced this pull request Nov 6, 2024
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - Security-Policy