v6.20.0 - boundation, changelog, version bump

.github/FUNDING.yml

@@ -3,4 +3,5 @@ patreon: bevry
 open_collective: bevry
 ko_fi: balupton
 liberapay: bevry
+tidelift: npm/envfile
 custom: ['https://bevry.me/fund']

HISTORY.md

@@ -1,5 +1,9 @@
 # History
 
+## v6.20.0 2023 November 15
+
+-   Updated dependencies, [base files](https://github.com/bevry/base), and [editions](https://editions.bevry.me) using [boundation](https://github.com/bevry/boundation)
+
 ## v6.19.0 2023 November 13
 
 -   Updated dependencies, [base files](https://github.com/bevry/base), and [editions](https://editions.bevry.me) using [boundation](https://github.com/bevry/boundation)

README.md

@@ -95,30 +95,30 @@ console.log(stringify({ a: 1, b: 2 }))
 <a href="https://deno.land" title="Deno is a secure runtime for JavaScript and TypeScript, it is an alternative for Node.js"><h3>Deno</h3></a>
 
 ``` typescript
-import * as pkg from 'https://unpkg.com/envfile@^6.19.0/edition-deno/index.ts'
+import * as pkg from 'https://unpkg.com/envfile@^6.20.0/edition-deno/index.ts'
 ```
 
 <a href="https://www.skypack.dev" title="Skypack is a JavaScript Delivery Network for modern web apps"><h3>Skypack</h3></a>
 
 ``` html
 <script type="module">
-    import * as pkg from '//cdn.skypack.dev/envfile@^6.19.0'
+    import * as pkg from '//cdn.skypack.dev/envfile@^6.20.0'
 </script>
 ```
 
 <a href="https://unpkg.com" title="unpkg is a fast, global content delivery network for everything on npm"><h3>unpkg</h3></a>
 
 ``` html
 <script type="module">
-    import * as pkg from '//unpkg.com/envfile@^6.19.0'
+    import * as pkg from '//unpkg.com/envfile@^6.20.0'
 </script>
 ```
 
 <a href="https://jspm.io" title="Native ES Modules CDN"><h3>jspm</h3></a>
 
 ``` html
 <script type="module">
-    import * as pkg from '//dev.jspm.io/envfile@6.19.0'
+    import * as pkg from '//dev.jspm.io/envfile@6.20.0'
 </script>
 ```
 

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Security Practices
+
+This project meets standardized secure software development practices, including 2FA for all members, password managers with monitoring, secure secret retrieval instead of storage. [Learn more about our practices.](https://tidelift.com/funding/github/npm/envfile)
+
+## Supported Versions
+
+This project uses [Bevry's automated tooling](https://github.com/bevry/boundation) to deliver the latest updates, fixes, and improvements inside the latest release while still maintaining widespread ecosystem compatibility.
+
+[Refer to supported ecosystem versions: `Editions` section in `README.md`.](https://github.com/bevry/envfile/blob/master/README.md#Editions)
+
+[Refer to automated support of ecosystem versions: `boundation` entries in `HISTORY.md`.](https://github.com/bevry/envfile/blob/master/HISTORY.md)
+
+Besides testing and verification, out CI also [auto-merges](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions) [Dependabot security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) and [auto-publishes](https://github.com/bevry-actions/npm) successful builds of the [`master` branch](https://github.com/bevry/wait/actions?query=branch%3Amaster) to the [`next` version tag](https://www.npmjs.com/package/envfile?activeTab=versions), offering immediate resolutions before scheduled maintenance releases.
+
+## Reporting a Vulnerability
+
+[Report the vulnerability to the project owners.](https://github.com/bevry/envfile/security/advisories)
+
+[Report the vulnerability to Tidelift.](https://tidelift.com/security)