Add security file

- Add `./SECURITY.md` file
- Fix and add pre-commit hooks
- Fix documentation page

.gitignore

@@ -2,6 +2,7 @@
 *.MD
 !README.md
 !CONTRIBUTING.md
+!SECURITY.md
 benchmark.csv
 
 # Byte-compiled / optimized / DLL files

.pre-commit-config.yaml

@@ -1,92 +1,107 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: 'v4.5.0'
-    hooks:
-    -   id: trailing-whitespace
-    -   id: end-of-file-fixer
-    -   id: check-yaml
-    -   id: check-added-large-files
-    -   id: destroyed-symlinks
-    -   id: detect-private-key
-    -   id: check-ast
-    -   id: check-case-conflict
-    -   id: debug-statements
-    -   id: fix-encoding-pragma
-    -   id: forbid-submodules
-    -   id: check-symlinks
-    -   id: check-shebang-scripts-are-executable
-    -   id: check-case-conflict
-    -   id: check-added-large-files
-        args: ['--maxkb=4096']
-    -   id: destroyed-symlinks
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: 'v4.5.0'
+  hooks:
+    - id: trailing-whitespace
+    - id: end-of-file-fixer
+    - id: check-yaml
+    - id: check-added-large-files
+    - id: destroyed-symlinks
+    - id: detect-private-key
+    - id: check-ast
+    - id: check-case-conflict
+    - id: debug-statements
+    # Add <# -*- coding: utf-8 -*-> to the top of python files.
+    - id: fix-encoding-pragma
+        # https://github.com/asottile/pyupgrade/issues/748
+        # https://github.com/asottile/pyupgrade/issues/89
+      args: ['--remove']
+    - id: forbid-submodules
+    - id: check-symlinks
+    - id: check-shebang-scripts-are-executable
+    - id: check-case-conflict
+    - id: check-added-large-files
+      args: ['--maxkb=4096']
+    - id: destroyed-symlinks
 
 # YAPF and flake8 need to remain pinned.
--   repo: https://github.com/pre-commit/mirrors-yapf
-    rev: 'v0.32.0' # frozen: v0.32.0
-    hooks:
-    -   id: yapf
-        additional_dependencies: [toml]
+- repo: https://github.com/pre-commit/mirrors-yapf
+  rev: 'v0.32.0' # frozen: v0.32.0
+  hooks:
+    - id: yapf
+      additional_dependencies: [toml]
 
--   repo: https://github.com/pycqa/flake8
-    rev: '6.0.0' # frozen: 6.0.0
-    hooks:
-    -   id: flake8
-        additional_dependencies: [flake8-docstrings]
+- repo: https://github.com/pycqa/flake8
+  rev: '6.0.0' # frozen: 6.0.0
+  hooks:
+    - id: flake8
+      additional_dependencies: [flake8-docstrings]
 
--   repo: https://github.com/PyCQA/bandit
-    rev: '1.7.5'  # Use the sha / tag you want to point at
-    hooks:
-    -   id: bandit
-        args: ['--skip', 'B404,B506,B410,B603,B324', '--level', 'LOW']
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.5'  # Use the sha / tag you want to point at
+  hooks:
+    - id: bandit
+      args: ['--skip', 'B404,B506,B410,B603,B324', '--level', 'LOW']
 
 #   -   repo: https://github.com/pre-commit/mirrors-mypy
 #       rev: 'v0.991'
 #       hooks:
 #       -      id: mypy
 #              args: ['--no-strict-optional', '--ignore-missing-imports', '--show-error-context', '--show-error-codes', '--follow-imports', 'silent']
 
--   repo: https://github.com/pycqa/isort
-    rev: '5.12.0'
-    hooks:
-    -   id: isort
+- repo: https://github.com/pycqa/isort
+  rev: '5.12.0'
+  hooks:
+    - id: isort
+
+- repo: https://github.com/asottile/pyupgrade
+  rev: 'v3.15.0'
+  hooks:
+    - id: pyupgrade
 
 #    -   repo: https://codeberg.org/frnmst/licheck
 #        rev: '1.0.0'
 #        hooks:
 #        -   id: licheck
 #            args: ['--configuration-file', '.allowed_licenses.yml']
 
--   repo: https://codeberg.org/frnmst/md-toc
-    rev: '8.2.0'  # or a specific git tag from md-toc
-    hooks:
-    -    id: md-toc
-         args: [-p, 'cmark', '-l6']  # CLI options
+- repo: https://codeberg.org/frnmst/md-toc
+  rev: '8.2.0'  # or a specific git tag from md-toc
+  hooks:
+    - id: md-toc
+      args: [-p, 'cmark', '-l6']  # CLI options
+
+- repo: https://github.com/mgedmin/check-manifest
+  rev: '0.49'
+  hooks:
+    - id: check-manifest
 
--   repo: https://github.com/mgedmin/check-manifest
-    rev: '0.49'
-    hooks:
-    -   id: check-manifest
+      #- repo: https://github.com/rstcheck/rstcheck
+      #  rev: 'v6.2.0'
+      #  hooks:
+      #    - id: rstcheck
+      #      additional_dependencies: ["tomli"]
 
--   repo: local
-    hooks:
-    -   id: unit-tests
-        name: unit tests
-        language: system
-        entry: make test
-        verbose: true
-        always_run: true
-        pass_filenames: false
-    -   id: build-docs
-        name: build docs
-        language: system
-        entry: make doc
-        verbose: true
-        always_run: true
-        pass_filenames: false
+- repo: local
+  hooks:
+    - id: unit-tests
+      name: unit tests
+      language: system
+      entry: make test
+      verbose: true
+      always_run: true
+      pass_filenames: false
+    - id: build-docs
+      name: build docs
+      language: system
+      entry: make doc
+      verbose: true
+      always_run: true
+      pass_filenames: false
 
--   repo: https://github.com/jorisroovers/gitlint
-    rev: 'v0.18.0'
-    hooks:
-    -   id: gitlint
+- repo: https://github.com/jorisroovers/gitlint
+  rev: 'v0.18.0'
+  hooks:
+    - id: gitlint

MANIFEST.in

@@ -1,6 +1,7 @@
 global-include LICENSE.txt
 global-include README.md
 global-include CONTRIBUTING.md
+global-include SECURITY.md
 recursive-include md_toc/cmark *.py
 global-exclude *.csv *.txt
 prune assets

Makefile

@@ -113,13 +113,17 @@ dist:
 
 upload:
 	$(VENV_CMD) \
-		&& twine upload dist/* \
+		&& twine upload --repository md-toc dist/* \
 		&& deactivate
 
 clean:
 	rm -rf build dist *.egg-info tests/benchmark-results
 	# Remove all markdown files except the readmes.
-	find -regex ".*\.[mM][dD]" ! -name 'README.md' ! -name 'CONTRIBUTING.md' -type f -exec rm -f {} +
+	find -regex ".*\.[mM][dD]" \
+		! -name 'README.md' \
+		! -name 'CONTRIBUTING.md' \
+		| -name 'SECURITY.md' \
+		-type f -exec rm -f {} +
 	$(VENV_CMD) \
 		&& $(MAKE) -C docs clean \
 		&& deactivate

SECURITY.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+The latest
+[GIT tagged version of md-toc](https://github.com/frnmst/md-toc/tags) is the
+only one supported. When a new version is released, that one will be the only
+one supported.
+
+## Reporting a Vulnerability
+
+Use this
+[Nextcloud form](https://cloud.franco.net.eu.org/apps/forms/s/ozgp2GqH46QMmsE9JPn5aP8B)
+(preferred) or send me an
+[email](https://blog.franco.net.eu.org/about/#contacts)

docs/conf.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 #
 # md-toc documentation build configuration file, created by
 # sphinx-quickstart on Wed Dec 27 17:32:50 2017.

docs/pre_commit_hook.rst

@@ -1,14 +1,17 @@
 Pre-commit hook
 ---------------
 
-This repo provides the following :download:`plugin <../.pre-commit-hooks.yaml>` to be used with the `Pre-commit framework <https://pre-commit.com/>`_:
+This repo provides the following :download:`plugin <../.pre-commit-hooks.yaml>` to be used with the `Pre-commit framework <https://pre-commit.com/>`_
 
 .. literalinclude:: ../.pre-commit-hooks.yaml
    :language: yaml
    :caption: The .pre-commit-hooks.yaml file
    :name: .pre-commit-hooks.yaml
 
-Add a ``.pre-commit-config.yaml`` file in the root of your git repo.
+Add a ``.pre-commit-config.yaml`` file in the root of your GIT repo.
+Have a look at the ``/.pre-commit-hooks.yaml`` file of this repository for a
+full example.
+
 These are the default plugin settings
 
 .. code-block:: yaml
@@ -17,8 +20,8 @@ These are the default plugin settings
 
     repos:
     -   repo: https://codeberg.org/frnmst/md-toc
-        # Remember to keep md-toc up-to-date!
-        rev: master  # set a specific git tag
+        # Release updates (ATOM) https://codeberg.org/frnmst/md-toc/tags.atom
+        rev: master # set a GIT tag
         hooks:
         -   id: md-toc
 
@@ -30,49 +33,10 @@ You can override the defaults via the ``args`` parameter, such as
 
     repos:
     -   repo: https://codeberg.org/frnmst/md-toc
-        # Remember to keep md-toc up-to-date!
-        rev: master  # set a specific git tag
+        # Release updates (ATOM) https://codeberg.org/frnmst/md-toc/tags.atom
+        rev: master # set a GIT tag
         hooks:
         -   id: md-toc
             args: [-p, --skip-lines, '1', redcarpet]  # CLI options
 
-This is what I use in some repositories
-
-.. code-block:: yaml
-
-   # See https://pre-commit.com for more information
-   # See https://pre-commit.com/hooks.html for more hooks
-   repos:
-   -   repo: https://github.com/pre-commit/pre-commit-hooks
-       rev: 'v4.4.0'
-       hooks:
-       -   id: trailing-whitespace
-       -   id: end-of-file-fixer
-       -   id: check-yaml
-       -   id: destroyed-symlinks
-       -   id: detect-private-key
-       -   id: check-ast
-       -   id: check-case-conflict
-       -   id: debug-statements
-       -   id: fix-encoding-pragma
-       -   id: forbid-submodules
-       -   id: check-symlinks
-       -   id: check-shebang-scripts-are-executable
-       -   id: check-case-conflict
-       -   id: check-added-large-files
-           args: ['--maxkb=16384']
-       -   id: destroyed-symlinks
-
-   -  repo: https://codeberg.org/frnmst/md-toc
-      # Remember to keep md-toc up-to-date!
-      rev: '8.2.0'  # set a specific git tag
-      hooks:
-      -    id: md-toc
-           args: [-p, 'cmark', '-l6']  # CLI options
-
-   -   repo: https://github.com/jorisroovers/gitlint
-       rev: 'v0.18.0'
-       hooks:
-       -   id: gitlint
-
 Finally, run ``pre-commit install`` to enable the hook.

md_toc/__init__.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 #
 # __init__.py
 #

md_toc/__main__.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 #
 # __main__.py
 #