20220814A

Author: hugoalh

.github/CODE_OF_CONDUCT.md

@@ -36,21 +36,45 @@ This Code of Conduct applies within all community spaces, and also applies when
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at:
+Instances of abusive, harassing, or otherwise unacceptable behavior maybe report to the community leaders responsible for enforcement via [fill this form](https://forms.gle/AXq9hWq2DsJrDNjP7) or send an e-mail.
 
-- For publicly, create an issue or a discussion in this repository
-- For privately, send an email to anyone who listed in here (click the link to obtain the email address):
-  - [hugoalh](https://github.com/hugoalh)
+All new requests may need up to `~96 hours (~4 days)` to begin the process.
+
+> **⚠ Important:**
+>
+> All requests will only proceed to further process while:
+>
+> - with the correct personal information of the submitter (plaintiff),
+> - with the correct personal information of the defendants and witnesses (if any), and
+> - you (plaintiff), all of the defendants, and all of the witnesses (if any) are in the same community/platform.
+>
+> Otherwise the request will mark as invalid immediately, not proceed, and without any notification.
 
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the reporter of any incident.
 
-### Suggested Content List
+### Via Send An E-mail
+
+Send an e-mail to either one who listed in here (e-mail address is listed in the profile):
+
+- [hugoalh](https://github.com/hugoalh)
+
+#### Suggested Content List
+
+Please provide as much as you can to help the community leaders for better understand the nature, scope of the possible issues, and triage your request more quickly.
 
-- Your GitHub account username (e.g.: `@octocat`) (only for private report)
-- Project identification name (only for private report)
-- List of the related pages
+- Your account's platform (e.g.: GitHub, GitLab, ...).
+- Your account's username (e.g.: `@octocat`).
+- Project's ID or repository URI.
+  - Project's ID is displayed at the top part of readme (i.e.: `README` file), below the project display name (i.e.: header), inside a code block.
+- Defendants and witnesses.
+- Are defendants include any staffs, moderators, and/or administrators?
+  - This can affect who will proceed this complaint.
+- Detail of the complaint.
+- Expected actions.
+  - What kind of actions you (plaintiff) want us to apply to punish defendants?
+- Evidences.
 
 ## Enforcement Guidelines
 

.github/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+# Contributing
+
+## Preface
+
+This contributing guide includes the guidelines, methods, and ways to contribute on different categories, items, and types; If this contributing guide does not include some of the categories, items, and/or types, maybe:
+
+- those guidelines, methods, and/or ways are separated from this contributing guide and exist and/or store in their corresponding places,
+- those categories, items, and/or types are easy to understand how to correctly contributing, or
+- maintainers and/or owners forgot to edit this contributing guide.
+
+If you still confused, try to create a discussion or an issue.
+
+## Discussions
+
+- Before create a discussion, check whether any similar discussions are already exist.
+
+## Issues
+
+- Before create an issue, check whether any similar issues are already exist.
+
+## Pull Requests
+
+- Before create a pull request, check whether any similar pull requests are already exist.
+- Always create a pull request to the `main` branch of this repository.
+- Try to avoid merge conflicts if possible.
+- Try to avoid a pull request with too many changes if possible.
+  - A large pull request not only stretches the review time, but also makes it much harder to spot issues.
+  - It is better to split the pull request to multiple smaller ones.
+- If your pull request is not ready but want to save it first, you can submit it by mark as draft, and no need to add any identifications to the title (e.g.: `WIP`).

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -18,6 +18,7 @@ body:
       description: "What versions are affected? Versions must be listed as supported in the Security Policy (/.github/SECURITY.md)."
       multiple: true
       options:
+        - "v0.5.5"
         - "v0.5.4"
         - "v0.5.3"
         - "v0.5.2"

.github/SECURITY.md

@@ -1,40 +1,66 @@
 # Security Policy
 
-## Supported Version
+## Supported Versions
 
 > | **Legend** | **Description** |
 > |:-:|:--|
 > | L | **LTS:** Long term supported. |
 > | ✔ | **Active / Current:** Currently supported. |
-> | 👎{🐛} | **Partly (Issue):** Partly supported due to confirmed contains bugs and/or issues. |
-> | 👎{🧓} | **Partly (Old):** Partly supported due to deprecated by newer versions. |
+> | 👎{🐛} | **Partially (Issue):** Partially supported due to confirmed contains bugs and/or issues. |
+> | 👎{🧓} | **Partially (Old):** Partially supported due to deprecated by newer versions. |
 > | ❌{🐛} | **No (Issue):** Not supported due to confirmed contains bugs and/or issues. |
 > | ❌{🧓} | **No (Old):** Not supported due to too old. |
 
-| **Tag / Version** | **Target** | **Support** |
-|:-:|:-:|:-:|
-| v0.5.X | PowerShell v7.2.0 | ✔ |
-| v0.5.0 \~ v0.5.3 | PowerShell v7.2.0 | 👎{🐛} |
-| v0.4.X | PowerShell v7.2.0 | 👎{🧓} |
-| v0.3.X | PowerShell v7.2.0 | 👎{🧓} |
-| v0.3.0 \~ v0.3.2 | PowerShell v7.2.0 | ❌{🐛🧓} |
-| v0.2.X | PowerShell v7.2.0 | ❌{🧓} |
-| < v0.2.X | PowerShell v7.2.0 | ❌{🐛🧓} |
+| **Versions** | **Status** | **Target - PowerShell** | **Target - NodeJS (Wrapper API)** | **Target - NPM (Wrapper API)** |
+|:-:|:-:|:-:|:-:|:-:|
+| v0.5.X | ✔ | >= v7.2.0 | >= 14.15.0 | >= v6.14.8 |
+| v0.5.0 \~ v0.5.3 | 👎{🐛} | >= v7.2.0 | >= 14.15.0 | >= v6.14.8 |
+| v0.4.X | 👎{🧓} | >= v7.2.0 | *N/A* | *N/A* |
+| v0.3.X | 👎{🧓} | >= v7.2.0 | *N/A* | *N/A* |
+| v0.3.0 \~ v0.3.2 | ❌{🐛🧓} | >= v7.2.0 | *N/A* | *N/A* |
+| v0.2.X | ❌{🧓} | >= v7.2.0 | *N/A* | *N/A* |
+| < v0.2.X | ❌{🐛🧓} | >= v7.2.0 | *N/A* | *N/A* |
 
 ## Report Vulnerability
 
-### Contact
+If you believe you have found any security vulnerability, please do not report it publicly! Instead, please report it via [fill this form](https://forms.gle/iYjv8jGqkBzjy9yW9) or send an e-mail.
 
-Send an email to anyone who listed in here (click the link to obtain the email address):
+All new reports may need up to `~48 hours (~2 days)` to begin the process.
+
+> **⚠ Important:**
+>
+> All reports will only proceed to further process while:
+>
+> - with the correct personal information of the reporter, and
+> - with the correct project's ID or repository URI.
+>
+> Otherwise the report will mark as invalid immediately, not proceed, and without any notification.
+
+### Via Send An E-mail
+
+Send an e-mail to either one who listed in here (e-mail address is listed in the profile):
 
 - [hugoalh](https://github.com/hugoalh)
 
-### Suggested Content List
+#### Suggested Content List
+
+Please provide as much as you can to help the security vulnerability report supervisors for better understand the nature, scope of the possible issues, and triage your report more quickly.
 
-- Your GitHub account username (e.g.: `@octocat`)
-- Project identification name
-- Affected versions (versions must be listed as supported)
-- Affected files
-- Issues to cause this security issue
-- Common Vulnerabilities and Exposures (CVE) identification numbers
-- References of this security issue
+- Your account's platform (e.g.: GitHub, GitLab, ...).
+- Your account's username (e.g.: `@octocat`).
+- Project's ID or repository URI.
+  - Project's ID is displayed at the top part of readme (i.e.: `README` file), below the project display name (i.e.: header), inside a code block.
+- Affected branches, commits, tags, and/or versions.
+  - Versions must be listed as supported.
+  - For multiple versions, you can use version range instead.
+- Affected files.
+  - Files which related to the manifestation of this security vulnerability.
+  - Relative files' paths based on repository root.
+- Issues to cause this security vulnerability (e.g.: buffer overflow, cross-site scripting, SQL injection, ...).
+- Any special/specific configuration required to reproduce this security vulnerability?
+- Steps' instructions to reproduce this security vulnerability.
+- Proof of concept and/or exploit code.
+  - How an attacker might exploit this security vulnerability?
+- References of this security vulnerability.
+  - Common Vulnerabilities and Exposures (CVE) IDs.
+  - Common Weakness Enumerator (CWE) IDs.

hugoalh.GitHubActionsToolkit/hugoalh.GitHubActionsToolkit.psd1

@@ -3,7 +3,7 @@
 	RootModule = 'hugoalh.GitHubActionsToolkit.psm1'
 
 	# Version number of this module.
-	ModuleVersion = '0.5.4'
+	ModuleVersion = '0.5.5'
 
 	# Supported PSEditions
 	# CompatiblePSEditions = @()

hugoalh.GitHubActionsToolkit/module/nodejs-wrapper/package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "@hugoalh/ghactions-toolkit-powershell-nodejs-wrapper",
-	"version": "0.5.4",
+	"version": "0.5.5",
 	"description": "A PowerShell module to provide a better and easier way for GitHub Actions to communicate with the runner machine, and the toolkit for developing GitHub Actions in PowerShell.",
 	"keywords": [
 		"gh-actions",
@@ -22,8 +22,8 @@
 	},
 	"dependencies": {
 		"@actions/artifact": "^1.1.0",
-		"@actions/cache": "^3.0.1",
-		"@actions/core": "^1.9.0",
+		"@actions/cache": "^3.0.3",
+		"@actions/core": "^1.9.1",
 		"@actions/tool-cache": "^2.0.1"
 	},
 	"engines": {