Add security policy and update markdown docs, bump jest version #122
Conversation
…arning, add security.md policy, update contributing and readme markdown.
kenhowardpdx
left a comment
kenhowardpdx
left a comment
There was a problem hiding this comment.
I like these changes. Is there a security policy that fits my maintainer style of only checking GitHub about once a month? I really don't want to turn on email notifications. Also, I don't want to be held accountable for users publishing things they don't want to world to see. Can we make the security policy can point to GitHub's security policy and be a pass-through to theirs? 🤷🏼♂️
|
|
||
| Report security bugs by direct messaging the lead maintainer at @kenhowardpdx. | ||
|
|
||
| The lead maintainer will acknowledge your message within 48 hours, and will send a |
There was a problem hiding this comment.
I don't want to be beholden to 48 hours. I like the concept of a security policy... but not sure I will actually be able to adhere to this.
There was a problem hiding this comment.
I think you can merge the PR and do as you wish? These are the defaults, I'm sure you can tailor them as you like for a personal github project.
https://snyk.io/blog/ten-git-hub-security-best-practices/
Glad I could contribute and appreciate your speedy response to the initial security questions I had and appreciate your work on this extension.
3 participants
Description
Alternative to Dependabot is Whitesource Renovate. https://docs.renovatebot.com/install-github-app/ which may pick up dependency issues better.
Related Issue
#121
Motivation and Context
Security and doc improvements.
How Has This Been Tested?
Ran the tests in VSCode.
Screenshots (if appropriate):
Types of changes
Checklist: