From ace0dc6aa86430e88ee5456207c6e7736c859892 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Aug 2023 05:25:52 +0000
Subject: [PATCH 1/2] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-2405694
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index b925ec98fc3e..2693051e8bc5 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
 "mdast-util-from-markdown": "^1.2.0",
 "mdast-util-to-string": "^3.1.0",
 "morgan": "^1.10.0",
- "next": "^11.1.3",
+ "next": "^12.1.0",
 "parse5": "^6.0.1",
 "port-used": "^2.0.8",
 "react": "^17.0.2",
@@ -77,7 +77,7 @@
 "revalidator": "^0.3.1",
 "rss-parser": "^3.12.0",
 "scroll-anchoring": "^0.1.0",
- "semver": "^7.3.5",
+ "semver": "^7.5.2",
 "slash": "^4.0.0",
 "strip-html-comments": "^1.0.0",
 "styled-components": "^5.3.3",

From 0cfab4a5915d5b500f293397615d6e435e8eb23f Mon Sep 17 00:00:00 2001
From: jackthedripper5478 <100258707+lilmoonlil@users.noreply.github.com>
Date: Wed, 16 Oct 2024 17:18:05 -0400
Subject: [PATCH 2/2] Create SECURITY.md

---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..034e84803209
--- /dev/null
+++ b/SECURITY.md
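Review bot: In the package.json hunks (`@@ -56,7` and `@@ -77,7`), only the `next` and `semver` ranges change, yet the commit message lists a third advisory, SNYK-JS-SHELLQUOTE-1766506, and the diffstat shows package.json as the only file touched. No lockfile is part of this patch, so an existing lockfile could keep resolving the previously pinned versions; the shell-quote fix presumably depends on a transitive dependency being re-resolved, which nothing here guarantees. Regenerate and commit the project's lockfile in the same change, then confirm the resolved versions with the package manager's audit output before treating the advisories as closed. Separately, `"next": "^12.1.0"` is a major-version step from `^11.1.3`, so this should go through a full build and test run rather than being merged as a routine bot bump.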
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.