Create SECURITY.md #40283
Signed-off-by: 謝宗儒 <null>
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-STYLEDCOMPONENTS-3149924
…e844910bf8d34 [Snyk] Security upgrade styled-components from 5.3.5 to 5.3.7
Snyk has created this PR to upgrade hot-shots from 9.0.0 to 9.3.0. See this package in npm: https://www.npmjs.com/package/hot-shots See this project in Snyk: https://app.snyk.io/org/zongruxie73/project/73e22725-84df-4763-b0fc-e56b8e31c87e?utm_source=github&utm_medium=referral&page=upgrade-pr
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416 - https://snyk.io/vuln/SNYK-JS-NEXT-8520073
…8603488c148fe [Snyk] Fix for 2 vulnerabilities
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462 - https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857 - https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783 - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 - https://snyk.io/vuln/SNYK-JS-NEXT-8602067 - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 - https://snyk.io/vuln/SNYK-JS-SIDEWAYFORMULA-3317169 - https://snyk.io/vuln/SNYK-JS-LIQUIDJS-2952868
…0270bc3d30c9b [Snyk] Fix for 17 vulnerabilities
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906 - https://snyk.io/vuln/SNYK-JS-WS-7266574
…4009eb2695984 [Snyk] Fix for 2 vulnerabilities
…date ci(Mergify): configuration update
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2.0.0 to 4.0.0. - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](peter-evans/create-or-update-comment@c9fcb64...71345be) --- updated-dependencies: - dependency-name: peter-evans/create-or-update-comment dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 4.0.1 to 5.0.1. - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](peter-evans/create-issue-from-file@433e51a...e8ef132) --- updated-dependencies: - dependency-name: peter-evans/create-issue-from-file dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [babel-loader](https://github.com/babel/babel-loader) from 8.2.5 to 10.0.0. - [Release notes](https://github.com/babel/babel-loader/releases) - [Changelog](https://github.com/babel/babel-loader/blob/main/CHANGELOG.md) - [Commits](babel/babel-loader@v8.2.5...v10.0.0) --- updated-dependencies: - dependency-name: babel-loader dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.1.0 to 3.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@95cb08c...b5ca514) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…cker/setup-buildx-action-3.10.0 Bump docker/setup-buildx-action from 2.1.0 to 3.10.0
…l-loader-10.0.0 Bump babel-loader from 8.2.5 to 10.0.0
Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.0 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.0...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [liquidjs](https://github.com/harttle/liquidjs) | `10.0.0` | `10.21.0` |
| [next](https://github.com/vercel/next.js) | `14.2.21` | `15.2.1` |
| [jest-environment-puppeteer](https://github.com/argos-ci/jest-puppeteer/tree/HEAD/packages/jest-environment-puppeteer) | `5.0.4` | `11.0.0` |
| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.3` |
| [start-server-and-test](https://github.com/bahmutov/start-server-and-test) | `1.14.0` | `2.0.10` |
| [jest-puppeteer](https://github.com/argos-ci/jest-puppeteer/tree/HEAD/packages/jest-puppeteer) | `5.0.4` | `11.0.0` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.18.5` | `7.26.9` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [webpack](https://github.com/webpack/webpack) | `5.73.0` | `5.98.0` |

Updates `liquidjs` from 10.0.0 to 10.21.0
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v10.0.0...v10.21.0)

Updates `next` from 14.2.21 to 15.2.1
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.21...v15.2.1)

Updates `jest-environment-puppeteer` from 5.0.4 to 11.0.0
- [Release notes](https://github.com/argos-ci/jest-puppeteer/releases)
- [Changelog](https://github.com/argos-ci/jest-puppeteer/blob/main/packages/jest-environment-puppeteer/CHANGELOG.md)
- [Commits](https://github.com/argos-ci/jest-puppeteer/commits/v11.0.0/packages/jest-environment-puppeteer)

Updates `postcss` from 8.4.31 to 8.5.3
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.31...8.5.3)

Updates `start-server-and-test` from 1.14.0 to 2.0.10
- [Release notes](https://github.com/bahmutov/start-server-and-test/releases)
- [Commits](bahmutov/start-server-and-test@v1.14.0...v2.0.10)

Updates `jest-puppeteer` from 5.0.4 to 11.0.0
- [Release notes](https://github.com/argos-ci/jest-puppeteer/releases)
- [Changelog](https://github.com/argos-ci/jest-puppeteer/blob/main/packages/jest-puppeteer/CHANGELOG.md)
- [Commits](https://github.com/argos-ci/jest-puppeteer/commits/v11.0.0/packages/jest-puppeteer)

Updates `@babel/traverse` from 7.18.5 to 7.26.9
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.9/packages/babel-traverse)

Updates `axios` from 0.21.4 to 1.8.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.21.4...v1.8.2)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `webpack` from 5.73.0 to 5.98.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.73.0...v5.98.0)

---
updated-dependencies:
- dependency-name: liquidjs
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jest-environment-puppeteer
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: start-server-and-test
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: jest-puppeteer
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.0.2 to 7.0.8. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@bd72e1b...271a8d0) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/github-script](https://github.com/actions/github-script) from 2b34a689ec86a68d8ab9478298f91d5401337b7d to 3908079ba1e7bce10117ad701c321d07e89017a9. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@2b34a68...3908079) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
…ions/github-script-3908079ba1e7bce10117ad701c321d07e89017a9 Bump actions/github-script from 2b34a689ec86a68d8ab9478298f91d5401337b7d to 3908079ba1e7bce10117ad701c321d07e89017a9
…er-evans/create-pull-request-7.0.8 Bump peter-evans/create-pull-request from 4.0.2 to 7.0.8
…nd_yarn-7b633cf4a6 Bump the npm_and_yarn group across 1 directory with 10 updates
Bumps [rehype-highlight](https://github.com/rehypejs/rehype-highlight) from 6.0.0 to 7.0.2. - [Release notes](https://github.com/rehypejs/rehype-highlight/releases) - [Commits](rehypejs/rehype-highlight@6.0.0...7.0.2) --- updated-dependencies: - dependency-name: rehype-highlight dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@primer/react](https://github.com/primer/react) from 35.4.0 to 37.14.0. - [Release notes](https://github.com/primer/react/releases) - [Commits](https://github.com/primer/react/compare/v35.4.0...@primer/[email protected]) --- updated-dependencies: - dependency-name: "@primer/react" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…11.1.0 Bump uuid from 9.0.0 to 11.1.0
…r/react-37.14.0 Bump @primer/react from 35.4.0 to 37.14.0
Bumps the npm_and_yarn group with 1 update: [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime). Updates `@babel/runtime` from 7.16.3 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
…793c5fa4bc5b5170 [Snyk] Upgrade hot-shots from 9.0.0 to 9.3.0
…24bb368f88f6ae42 [Snyk] Upgrade react-dom from 17.0.2 to 19.1.0
…3714ee914224a380 [Snyk] Upgrade typescript from 4.7.4 to 5.8.3
…ions/setup-node-4.4.0 Bump actions/setup-node from 2.5.1 to 4.4.0
…t-8.1.0 Bump helmet from 6.0.0 to 8.1.0
…-util-from-markdown-2.0.2 Bump mdast-util-from-markdown from 1.2.0 to 2.0.2
…nd_yarn-2c631a4876 Bump @babel/runtime from 7.16.3 to 7.26.10 in the npm_and_yarn group
…-issue-from-file-5.0.1
…er-evans/create-issue-from-file-5.0.1 Bump peter-evans/create-issue-from-file from 4.0.1 to 5.0.1
…-or-update-comment-4.0.0
…er-evans/create-or-update-comment-4.0.0 Bump peter-evans/create-or-update-comment from 2.0.0 to 4.0.0
…e-highlight-7.0.2 Bump rehype-highlight from 6.0.0 to 7.0.2
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 4.2.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@48af2dc...0400d5f) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 4.2.4 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…ions/cache-4.2.4 build(deps): bump actions/cache from 3.0.2 to 4.2.4
Signed-off-by: 謝宗儒 <[email protected]>
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions:
You'll need to revert all of the files you changed that match that list using GitHub Desktop or The complete list of files we can't accept are:
We also can't accept contributions to files in the content directory with frontmatter
How to review these changes 👓
Thank you for your contribution. To review these changes, choose one of the following options:
A Hubber will need to deploy your changes internally to review.
Table of review links
Note: Please update the URL for your staging server or codespace.
This pull request contains code changes, so we will not generate a table of review links.
🤖 This comment is automatically generated.
zongruxie4
Can this be used?
Signed-off-by: 謝宗儒 [email protected]
Why:
Closes:
What's being changed (if available, include any code snippets, screenshots, or gifs):
Check off the following: