Merge branch 'trunk' of github.com:jdevalk/comment-hacks into trunk

Emilia-Capital · Dec 8, 2023 · 59f0c88 · 59f0c88
2 parents a2e5ba2 + 915a9cf
commit 59f0c88
Show file tree

Hide file tree

Showing 8 changed files with 34 additions and 6 deletions.
diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install PHP
         uses: shivammathur/setup-php@v2

diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml
@@ -26,15 +26,15 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # The ubuntu images come with Node, npm and yarn pre-installed.
       # https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md
 
       # This action also handles the caching of the Yarn dependencies.
       # https://github.com/actions/setup-node
       - name: Set up node and enable caching of dependencies
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '14'
           cache: 'yarn'

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install PHP
         uses: shivammathur/setup-php@v2

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # This action checks the `composer.lock` file against known security vulnerabilities in the dependencies.
       # https://github.com/marketplace/actions/the-php-security-checker

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -60,7 +60,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install PHP
         uses: shivammathur/setup-php@v2

diff --git a/.github/workflows/update-readme.yml b/.github/workflows/update-readme.yml
@@ -0,0 +1,16 @@
+name: "Plugin asset/readme update"
+
+on:
+  workflow_dispatch:
+
+jobs:
+  trunk:
+    name: Push to trunk
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@main
+    - name: WordPress.org plugin asset/readme update
+      uses: 10up/action-wordpress-plugin-asset-update@stable
+      env:
+        SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
+        SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
diff --git a/Security.md b/Security.md
@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting Security Bugs
+
+Please report security bugs found in this plugin through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/yoast-comment-hacks). 
+
+The Patchstack team will assist you with verification, CVE assignment, and notify me, the plugin developer.
diff --git a/readme.txt b/readme.txt
@@ -30,6 +30,11 @@ commenters will have to accept your comment policy before being able to comment.
 
 See the screenshots to get an even better idea of the plugins' functionality.
 
+=== Have you found an issue? ===
+
+If you have bugs to report, please go to [the plugin's GitHub repository](https://github.com/jdevalk/comment-hacks). For security issues, please use our [vulnerability disclosure program](https://patchstack.com/database/vdp/yoast-comment-hacks), which is managed by PatchStack. They will assist you with verification, CVE assignment, and, of course, notify us.
+
+
 == Installation ==
 
 **Install through your backend**