Merge remote-tracking branch 'upstream/master' into show_merged_prs_s…

…tats
anuraghazra · Aug 4, 2023 · ab4946d · ab4946d
2 parents 4801b36 + 8e15656
commit ab4946d
Show file tree

Hide file tree

Showing 15 changed files with 814 additions and 682 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -7,6 +7,7 @@ documentation:
   - readme.md
   - CONTRIBUTING.md
   - CODE_OF_CONDUCT.md
+  - SECURITY.md
 dependencies:
   - package.json
   - package-lock.json

diff --git a/.github/workflows/empty-issues-closer.yaml b/.github/workflows/empty-issues-closer.yaml
@@ -29,7 +29,7 @@ jobs:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 # NOTE: Retrieve issue templates.
 
       - name: Run empty issues closer action
-        uses: rickstaa/empty-issues-closer-action@773bc3171b488f30f89cb17bb86d8fd85bcecf0c # v1.1.0
+        uses: rickstaa/empty-issues-closer-action@09d48dba81e64a390dce550d643fb54cd1636d97 # v1.1.2
         env:
           github_token: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/.github/workflows/ossf-analysis.yml b/.github/workflows/ossf-analysis.yml
@@ -43,6 +43,6 @@ jobs:
 
       # required for Code scanning alerts
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+        uses: github/codeql-action/upload-sarif@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/top-issues-dashboard.yml b/.github/workflows/top-issues-dashboard.yml
@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Run top issues action
-        uses: rickstaa/top-issues-action@f31962cb26fb9d64bc0129d3e2bf3d109d7ae21f # v1.3.29
+        uses: rickstaa/top-issues-action@c66e5d53ffc26f7ae020ff8454582884d4af4cdb # v1.3.32
         env:
           github_token: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,39 @@
+# GitHub Readme Stats Security Policies and Procedures <!-- omit in toc -->
+
+This document outlines security procedures and general policies for the
+GitHub Readme Stats project.
+
+- [Reporting a Vulnerability](#reporting-a-vulnerability)
+- [Disclosure Policy](#disclosure-policy)
+
+## Reporting a Vulnerability 
+
+The GitHub Readme Stats team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source 
+software. We appreciate your efforts and responsible disclosure and will
+make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the GitHub Readme Stats team at:
+
+```
+[email protected]
+```
+
+The lead maintainer will acknowledge your email within 24 hours, and will
+send a more detailed response within 48 hours indicating the next steps in 
+handling your report. After the initial reply to your report, the security
+team will endeavor to keep you informed of the progress towards a fix and
+full announcement, and may ask for additional information or guidance.
+
+Report security vulnerabilities in third-party modules to the person or 
+team maintaining the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it
+to a primary handler. This person will coordinate the fix and release
+process, involving the following steps:
+
+  * Confirm the problem.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes and release them as fast as possible.