From a56fec4532f58e82def381aa58570c9dd086af03 Mon Sep 17 00:00:00 2001 From: Aleksander Zaruczewski Date: Fri, 29 Jul 2022 01:07:39 +0300 Subject: [PATCH] release v1.2.0 (#24) --- .github/CODEOWNERS | 1 + .github/ISSUE_TEMPLATE/config.yml | 3 + .github/PULL_REQUEST_TEMPLATE.md | 18 +- .github/workflows/changelog_enforcer.yml | 5 + .github/workflows/dependency_review.yml | 13 +- .github/workflows/lint.yml | 14 +- ATTRIBUTION.md | 1099 ++++++++++++++++++++++ CHANGELOG.md | 43 +- CODE_OF_CONDUCT.md | 12 +- CONTRIBUTING.md | 8 +- README.md | 5 +- SECURITY.md | 146 +++ 12 files changed, 1332 insertions(+), 35 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 ATTRIBUTION.md create mode 100644 SECURITY.md diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..667b7b0 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @Serpentiel diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 1e2699c..15ba076 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -2,3 +2,6 @@ contact_links: - name: 📖 Contributing Guidelines url: https://github.com/Serpentiel/template/blob/main/CONTRIBUTING.md about: Don't forget to check our contributing guidelines out! + - name: 🛡️ Security Policy + url: https://github.com/Serpentiel/template/blob/main/SECURITY.md + about: Our security policy is as important as contributing guidelines are, too! diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 605695c..2567f20 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -1,26 +1,30 @@ **About this change—what it does?** - + **What type of change is it?** +- [ ] Breaking change, i.e. fix or feature that would cause existing functionality to not work as expected - [ ] Bug fix, i.e. non-breaking change which fixes an issue +- [ ] Dependencies bump, i.e. upgrade of dependencies this project uses +- [ ] Documentation update, i.e. documentation-only change - [ ] New feature, i.e. non-breaking change which adds functionality -- [ ] Breaking change, i.e. fix or feature that would cause existing functionality to not work as expected +- [ ] Release, i.e. a roll out of a new version of the project + - [ ] This change requires a documentation update **Have you checked yourself twice?** -- [ ] My code follows the style guidelines of this project -- [ ] I have performed a self-review of my own code +- [ ] Any dependent changes have been merged and published in downstream modules +- [ ] I have added tests that prove my fix is effective or that my feature works +- [ ] I have checked my code and corrected any misspellings - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have made corresponding changes to the documentation +- [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings -- [ ] I have added tests that prove my fix is effective or that my feature works -- [ ] Any dependent changes have been merged and published in downstream modules -- [ ] I have checked my code and corrected any misspellings +- [ ] My code follows the contributing guidelines of this project diff --git a/.github/workflows/changelog_enforcer.yml b/.github/workflows/changelog_enforcer.yml index 0a867ac..0c3129c 100644 --- a/.github/workflows/changelog_enforcer.yml +++ b/.github/workflows/changelog_enforcer.yml @@ -4,6 +4,11 @@ on: pull_request_target: branches: - main + - release-v* + +permissions: + contents: read + jobs: changelog-enforcer: runs-on: ubuntu-latest 
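Review bot: In changelog_enforcer.yml the `pull_request_target` trigger is kept and widened to `release-v*` with no comment saying why the privileged trigger is needed. The added `permissions: contents: read` limits the token, but the job still runs in the base repository's context for pull requests from forks, so the rule that it must not check out or execute pull-request content should be written next to the trigger, e.g. `# pull_request_target: runs in the base repo context; never check out or run PR head content here`. The job's steps continue outside the hunk, so I cannot confirm from here that the rule holds today. Setting `contents: read` at the top level also drops every other scope to none; if the enforcer reads pull-request metadata through the API in a private repository it may additionally need `pull-requests: read`, which is worth confirming.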
diff --git a/.github/workflows/dependency_review.yml b/.github/workflows/dependency_review.yml index c6a7a08..63fac98 100644 --- a/.github/workflows/dependency_review.yml +++ b/.github/workflows/dependency_review.yml @@ -1,9 +1,16 @@ name: Dependency Review on: - pull_request_target: - branches: - - main + - pull_request + +# TODO: This is currently not supported, see https://github.com/actions/dependency-review-action/issues/30. +# pull_request_target: +# branches: +# - main +# - release-v* + +permissions: + contents: read jobs: dependency-review: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ce30d8b..af6b535 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -4,12 +4,18 @@ on: pull_request_target: branches: - main + - release-v* + +permissions: + contents: read jobs: markdownlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: DavidAnson/markdownlint-cli2-action@v6 - with: - globs: '**/*.md' + - uses: actions/checkout@v3 + - uses: DavidAnson/markdownlint-cli2-action@v6 + with: + globs: | + **/*.md + !LICENSE.md diff --git a/ATTRIBUTION.md b/ATTRIBUTION.md new file mode 100644 index 0000000..5b39269 --- /dev/null +++ b/ATTRIBUTION.md @@ -0,0 +1,1099 @@ + +
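Review bot: In dependency_review.yml the TODO above the commented-out block reads as if `pull_request_target` were the intended end state, which would move this job back to the more privileged trigger. For a job that only inspects the dependency diff, `pull_request` is the lower-privilege choice, since pull requests from forks get a read-only token and no secrets. I would replace the commented-out YAML with a one-line rationale such as `# pull_request is deliberate: fork PRs run with a read-only token and no secrets`. Note also that `on: - pull_request` carries no branch filter, so the review now runs for pull requests against every branch rather than only `main`; the job's steps lie outside the hunk.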
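Review bot: In lint.yml, `actions/checkout@v3` is called with no `ref` under `pull_request_target`, so it checks out the base branch and the markdownlint step lints the target branch rather than the files the pull request changes. Pointing the checkout at the pull-request head would restore coverage but would process untrusted content with the base repository's token in scope, and markdownlint-cli2 can, as far as I know, load configuration (including JavaScript config files) from the checked-out tree. For a lint-only job I would switch the trigger to `pull_request`, as dependency_review.yml now does, and keep `permissions: contents: read`. Both actions are also referenced by mutable tag (`@v3`, `@v6`); pinning each to a full commit SHA would stop a retagged release from changing what runs.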
+ + +# Attribution + +A special thank you to the people and projects that helped make [PROJECT_NAME] possible. + + +
+ Table of Contents + +
+ + +## People + + +
+ + + +
+ + + +

(back to top)

+ + +## Projects + +Projects listed below are ordered alphabetically. + +### Aiven Terraform Provider + + + +```text +The MIT License (MIT) + +Copyright (c) 2017 jelmersnoeck +Copyright (c) 2018-2022 Aiven, Helsinki, Finland. https://aiven.io/ + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +``` + +### Appium + + + +```text + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. 
For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright JS Foundation and other contributors, https://js.foundation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +``` + +### Best-README-Template + + + +```text +MIT License + +Copyright (c) 2021 Othneil Drew + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+``` + +### Changelog Enforcer + + + +```text +MIT License + +Copyright (c) 2019 GitHub Actions + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +``` + +### Checkout + + + +```text + +The MIT License (MIT) + +Copyright (c) 2018 GitHub, Inc. and contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. 
+ +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +``` + +### contributing-gen-web + + + +```text +MIT License + +Copyright (c) 2020 Tom C. Böttger + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+``` + +### Contributor Covenant Code of Conduct + + + +```markdown +### Creative Commons Attribution 4.0 International Public License + +*Official translations of this legal tool are available in [other languages](#languages).* + +By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this +Creative Commons Attribution 4.0 International Public License ("Public License"). To the extent this Public License may +be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and +conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the +Licensed Material available under these terms and conditions. + +**Section 1 – Definitions.** + +1. **Adapted Material** means material subject to Copyright and Similar Rights that is derived from or based upon the + Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise + modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes + of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted + Material is always produced where the Licensed Material is synched in timed relation with a moving image. +2. **Adapter's License** means the license You apply to Your Copyright and Similar Rights in Your contributions to + Adapted Material in accordance with the terms and conditions of this Public License. +3. **Copyright and Similar Rights** means copyright and/or similar rights closely related to copyright including, + without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how + the rights are labeled or categorized. For purposes of this Public License, the rights specified in + Section [2(b)(1)-(2)](#s2b) are not Copyright and Similar Rights. +4. 
**Effective Technological Measures** means those measures that, in the absence of proper authority, may not be + circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, + 1996, and/or similar international agreements. +5. **Exceptions and Limitations** means fair use, fair dealing, and/or any other exception or limitation to Copyright + and Similar Rights that applies to Your use of the Licensed Material. +6. **Licensed Material** means the artistic or literary work, database, or other material to which the Licensor applied + this Public License. +7. **Licensed Rights** means the rights granted to You subject to the terms and conditions of this Public License, which + are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor + has authority to license. +8. **Licensor** means the individual(s) or entity(ies) granting rights under this Public License. +9. **Share** means to provide material to the public by any means or process that requires permission under the Licensed + Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or + importation, and to make material available to the public including in ways that members of the public may access the + material from a place and at a time individually chosen by them. +10. **Sui Generis Database Rights** means rights other than copyright resulting from Directive 96/9/EC of the European + Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as + well as other essentially equivalent rights anywhere in the world. +11. **You** means the individual or entity exercising the Licensed Rights under this Public License. **Your** has a + corresponding meaning. + +**Section 2 – Scope.** + +1. **License grant**. +1. 
Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, + royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the + Licensed Material to: +1. reproduce and Share the Licensed Material, in whole or in part; and +2. produce, reproduce, and Share Adapted Material. +2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply + with its terms and conditions. + 3. Term. The term of this Public License is specified in + Section [6(a)](#s6a). + 4. Media and formats; technical modifications allowed. The Licensor + authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right + or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, + including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this + Public License, simply making modifications authorized by this Section [2(a)(4)](#s2a4) never produces Adapted + Material. + 5. Downstream recipients. + +
+ + 1. Offer from the Licensor – Licensed Material. Every recipient + of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights + under the terms and conditions of this Public License. + 2. No downstream restrictions. You may not offer or impose any + additional or different terms or conditions on, or apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed + Material. + +
+ + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, + connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to + receive attribution as provided in Section [3(a)(1)(A)(i)](#s3a1Ai). +2. **Other rights**. + + 1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or + agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to + exercise the Licensed Rights, but not otherwise. + 2. Patent and trademark rights are not licensed under this Public License. + 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the + Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or + compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such + royalties. + +**Section 3 – License Conditions.** + +Your exercise of the Licensed Rights is expressly made subject to the following conditions. + +1. **Attribution**. + + 1. If You Share the Licensed Material (including in modified form), You must: + + 1. retain the following if it is supplied by the Licensor with the Licensed Material: + 1. identification of the creator(s) of the Licensed Material and any others designated to receive + attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); + 2. a copyright notice; + 3. a notice that refers to this Public License; + 4. a notice that refers to the disclaimer of warranties; + 5. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; + 2. 
indicate if You modified the Licensed Material and retain an indication of any previous modifications; and + 3. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or + hyperlink to, this Public License. + 2. You may satisfy the conditions in Section [3(a)(1)](#s3a1) in any reasonable manner based on the medium, means, + and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions + by providing a URI or hyperlink to a resource that includes the required information. + 3. If requested by the Licensor, You must remove any of the information required by Section [3(a)(1)(A)](#s3a1A) to + the extent reasonably practicable. + 4. If You Share Adapted Material You produce, the Adapter's License You apply must not prevent recipients of the + Adapted Material from complying with this Public License. + +**Section 4 – Sui Generis Database Rights.** + +Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: + +1. for the avoidance of doubt, Section [2(a)(1)](#s2a1) grants You the right to extract, reuse, reproduce, and Share all + or a substantial portion of the contents of the database; +2. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis + Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is + Adapted Material; and +3. You must comply with the conditions in Section [3(a)](#s3a) if You Share all or a substantial portion of the contents + of the database. + +For the avoidance of doubt, this Section [4](#s4) supplements and does not replace Your obligations under this Public +License where the Licensed Rights include other Copyright and Similar Rights. + +**Section 5 – Disclaimer of Warranties and Limitation of Liability.** + +1. 
**Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed + Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed + Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, + merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or + the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not + allowed in full or in part, this disclaimer may not apply to You.** +2. **To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without + limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, + exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed + Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where + a limitation of liability is not allowed in full or in part, this limitation may not apply to You.** + +1. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the + extent possible, most closely approximates an absolute disclaimer and waiver of all liability. + +**Section 6 – Term and Termination.** + +1. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to + comply with this Public License, then Your rights under this Public License terminate automatically. +2. Where Your right to use the Licensed Material has terminated under Section [6(a)](#s6a), it reinstates: + + 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the + violation; or + 2. 
upon express reinstatement by the Licensor.For the avoidance of doubt, this Section [6(b)](#s6b) does not affect + any right the Licensor may have to seek remedies for Your violations of this Public License. +3. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or + stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. +4. Sections [1](#s1), [5](#s5), [6](#s6), [7](#s7), and [8](#s8) survive termination of this Public License. + +**Section 7 – Other Terms and Conditions.** + +1. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless + expressly agreed. +2. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from + and independent of the terms and conditions of this Public License. + +**Section 8 – Interpretation.** + +1. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, + or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this + Public License. +2. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically + reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be + severed from this Public License without affecting the enforceability of the remaining terms and conditions. +3. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly + agreed to by the Licensor. +4. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges + and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or + authority. 
+ +Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its +public licenses to material it publishes and in those instances will be considered the “Licensor.” The text of the +Creative Commons public licenses is dedicated to the public domain under +the [CC0 Public Domain Dedication](//creativecommons.org/publicdomain/zero/1.0/legalcode). Except for the limited +purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the +Creative Commons policies published at [creativecommons.org/policies](//creativecommons.org/policies), Creative Commons +does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons +without its prior written consent including, without limitation, in connection with any unauthorized modifications to +any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. +For the avoidance of doubt, this paragraph does not form part of the public licenses. + +Creative Commons may be contacted at [creativecommons.org](//creativecommons.org/). + +Additional languages +available: [Bahasa Indonesia](//creativecommons.org/licenses/by/4.0/legalcode.id) +, [Nederlands](//creativecommons.org/licenses/by/4.0/legalcode.nl) +, [norsk](//creativecommons.org/licenses/by/4.0/legalcode.no) +, [suomeksi](//creativecommons.org/licenses/by/4.0/legalcode.fi) +, [te reo Māori](//creativecommons.org/licenses/by/4.0/legalcode.mi) +, [українська](//creativecommons.org/licenses/by/4.0/legalcode.uk) +, [日本語](//creativecommons.org/licenses/by/4.0/legalcode.ja). Please read +the [FAQ](//wiki.creativecommons.org/FAQ#officialtranslations) for more information about official translations. +``` + +### contributors-img + + + +### Dependency Review + +```text +The MIT License (MIT) + +Copyright (c) 2022 GitHub, Inc. 
and contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +``` + +### Harbor + + + +```text + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. 
+ + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright Project Harbor Authors + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +``` + +### Keep a Changelog + + + +```text +The MIT License (MIT) + +Copyright (c) 2014 Olivier Lacan + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+``` + +### markdownlint-cli2-action + + + +```text +MIT License + +Copyright (c) 2021-2022 David Anson + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +``` + +### Project Mu + + + +```text +BSD 2-Clause License + +Copyright (c) Microsoft +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +``` + +### Shields.io + + + +```text +CC0 1.0 Universal + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator and +subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the +purpose of contributing to a commons of creative, cultural and scientific +works ("Commons") that the public can reliably and without fear of later +claims of infringement build upon, modify, incorporate in other works, reuse +and redistribute as freely as possible in any form whatsoever and for any +purposes, including without limitation commercial purposes. These owners may +contribute to the Commons to promote the ideal of a free culture and the +further production of creative, cultural and scientific works, or to gain +reputation or greater distribution for their Work in part through the use and +efforts of others. 
+ +For these and/or other purposes and motivations, and without any expectation +of additional consideration or compensation, the person associating CC0 with a +Work (the "Affirmer"), to the extent that he or she is an owner of Copyright +and Related Rights in the Work, voluntarily elects to apply CC0 to the Work +and publicly distribute the Work under its terms, with knowledge of his or her +Copyright and Related Rights in the Work and the meaning and intended legal +effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not limited +to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, communicate, + and translate a Work; + + ii. moral rights retained by the original author(s) and/or performer(s); + + iii. publicity and privacy rights pertaining to a person's image or likeness + depicted in a Work; + + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + + v. rights protecting the extraction, dissemination, use and reuse of data in + a Work; + + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation thereof, + including any amended or successor version of such directive); and + + vii. other similar, equivalent or corresponding rights throughout the world + based on applicable law or treaty, and any national implementations thereof. + +2. Waiver. 
To the greatest extent permitted by, but not in contravention of, +applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and +unconditionally waives, abandons, and surrenders all of Affirmer's Copyright +and Related Rights and associated claims and causes of action, whether now +known or unknown (including existing as well as future claims and causes of +action), in the Work (i) in all territories worldwide, (ii) for the maximum +duration provided by applicable law or treaty (including future time +extensions), (iii) in any current or future medium and for any number of +copies, and (iv) for any purpose whatsoever, including without limitation +commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes +the Waiver for the benefit of each member of the public at large and to the +detriment of Affirmer's heirs and successors, fully intending that such Waiver +shall not be subject to revocation, rescission, cancellation, termination, or +any other legal or equitable action to disrupt the quiet enjoyment of the Work +by the public as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason be +judged legally invalid or ineffective under applicable law, then the Waiver +shall be preserved to the maximum extent permitted taking into account +Affirmer's express Statement of Purpose. 
In addition, to the extent the Waiver +is so judged Affirmer hereby grants to each affected person a royalty-free, +non transferable, non sublicensable, non exclusive, irrevocable and +unconditional license to exercise Affirmer's Copyright and Related Rights in +the Work (i) in all territories worldwide, (ii) for the maximum duration +provided by applicable law or treaty (including future time extensions), (iii) +in any current or future medium and for any number of copies, and (iv) for any +purpose whatsoever, including without limitation commercial, advertising or +promotional purposes (the "License"). The License shall be deemed effective as +of the date CC0 was applied by Affirmer to the Work. Should any part of the +License for any reason be judged legally invalid or ineffective under +applicable law, such partial invalidity or ineffectiveness shall not +invalidate the remainder of the License, and in such case Affirmer hereby +affirms that he or she will not (i) exercise any of his or her remaining +Copyright and Related Rights in the Work or (ii) assert any associated claims +and causes of action with respect to the Work, in either case contrary to +Affirmer's express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + + b. Affirmer offers the Work as-is and makes no representations or warranties + of any kind concerning the Work, express, implied, statutory or otherwise, + including without limitation warranties of title, merchantability, fitness + for a particular purpose, non infringement, or the absence of latent or + other defects, accuracy, or the present or absence of errors, whether or not + discoverable, all to the greatest extent permissible under applicable law. + + c. 
Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without limitation + any person's Copyright and Related Rights in the Work. Further, Affirmer + disclaims responsibility for obtaining any necessary consents, permissions + or other rights required for any use of the Work. + + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to this + CC0 or use of the Work. + +For more information, please see + +``` + + +

(back to top)

+ diff --git a/CHANGELOG.md b/CHANGELOG.md index 818614d..723ad01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,15 +8,36 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + + + + + + + + + + + + + + + + + +## [1.2.0] - 2022-07-28 + ### Added -- `markdownlint` GitHub Actions workflow +- `lint.yml` GitHub Actions workflow featuring `markdownlint` - `dependabot.yml` GitHub config - `changelog_enforcer.yml` GitHub Actions workflow - `dependency_review.yml` GitHub Actions workflow +- `CODEOWNERS` +- `SECURITY.md` +- `ATTRIBUTION.md` - ### Changed @@ -26,21 +47,22 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - Use dashes instead of underscores in workflows - Rename `LICENSE` to `LICENSE.md` - Return underscores to filenames under `.github` +- Enable workflows for PRs to release branches +- Exclude `LICENSE.md` from `markdownlint` +- Set GitHub Actions workflows permissions +- Update `README.md`, `CONTRIBUTING.md` and `.github/config.yml` with links to `SECURITY.md` +- Improve pull request template - - - - ### Removed - `enforce_changelog_entries.yml` GitHub Actions workflow - +### Fixed - - +- `dependency_review.yml` GitHub Actions workflow +- Styling in `CODE_OF_CONDUCT.md` and `SECURITY.md` ## [1.1.0] - 2022-07-28 @@ -72,7 +94,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - The changelog -[Unreleased]: https://github.com/Serpentiel/template/compare/v1.1.0...HEAD +[Unreleased]: https://github.com/Serpentiel/template/compare/v1.2.0...HEAD +[1.2.0]: https://github.com/Serpentiel/template/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/Serpentiel/template/compare/v1.0.1...v1.1.0 [1.0.1]: https://github.com/Serpentiel/template/compare/v1.0.0...v1.0.1 [1.0.0]: https://github.com/Serpentiel/template/releases/tag/v1.0.0 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 3dc75f5..04723af 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -161,16 +161,14 @@ behavior, harassment of an individual, or aggression toward or disparagement of ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available -at . +This Code of Conduct is adapted from the [Contributor Covenant](https://contributor-covenant.org), version 2.0, +available at . Community Impact Guidelines were inspired -by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). +by [Mozilla's Code of Conduct enforcement ladder](https://github.com/mozilla/diversity). -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see the FAQ at . -Translations are available at . +For answers to common questions about this Code of Conduct, see the FAQ at . +Translations are available at .

(back to top)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b330cb2..91872a5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,6 +6,7 @@ First off, thanks for taking the time to contribute! ❤️ + All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The @@ -89,7 +90,8 @@ expected to uphold this code. Please report unacceptable behavior via any contac ## I Have a Question -> **N.B.** If you want to ask a question, we assume that you have read the available [documentation]([DOCUMENTATION_URL]). +> **N.B.** If you want to ask a question, we assume that you have read the +> available [documentation]([DOCUMENTATION_URL]). Before you ask a question, it is best to search for existing [issues](https://github.com/Serpentiel/template/issues) that might help you. In case you have found a suitable issue and still need clarification, you can write your question @@ -140,8 +142,8 @@ following steps in advance to help us fix any potential bug as fast as possible. #### How Do I Submit a Good Bug Report? > **N.B.** You must never report security related issues, vulnerabilities or bugs including sensitive information to the -> issue tracker, or elsewhere in public. Instead sensitive bugs must be reported via any contact method available to -> you. +> issue tracker, or elsewhere in public. Instead sensitive bugs must be reported according to +> our [security policy](https://github.com/Serpentiel/template/blob/main/SECURITY.mdZ). We use GitHub Issues to track bugs and errors. If you run into an issue with the project: diff --git a/README.md b/README.md index 61cde4c..2886fa9 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@
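Review bot: The security-policy link added in the `@@ -140,8 +142,8 @@` hunk of CONTRIBUTING.md ends in `SECURITY.mdZ`, which does not match the `SECURITY.md` file this commit creates, so the link will most likely resolve to a missing page. This note is the one place the contributing guide tells reporters where to send sensitive bugs, so a dead target there can leave a reporter without the private route and with only the public issue tracker in front of them. The target should read `https://github.com/Serpentiel/template/blob/main/SECURITY.md`, the same URL the commit adds to README.md and `.github/ISSUE_TEMPLATE/config.yml`. A link-check step alongside `markdownlint` in `lint.yml` would catch this class of typo before release.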

- Logo + Logo

[PROJECT_NAME]

[PROJECT_DESCRIPTION]

@@ -93,6 +93,9 @@ contributions you make are greatly appreciated. If you would like to contribute, please make sure to take a look at [this guideline](https://github.com/Serpentiel/template/blob/main/CONTRIBUTING.md) beforehand. +Please see our [security policy](https://github.com/Serpentiel/template/blob/main/SECURITY.md) to report any possible +vulnerabilities or serious issues. +

(back to top)

diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..45bcdff --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,146 @@ + +
+ + +# Security Policy + +[PROJECT_NAME] has adopted this security disclosure and response policy to ensure we responsibly handle critical +issues. + + +
+ Table of Contents + +
+ + +## Supported Versions + +The [PROJECT_NAME] project maintains release branches for the three most recent minor releases. Applicable fixes, +including security fixes, may be backported to those three release branches, depending on severity and feasibility. + + +

(back to top)

+
+
+## Reporting a Vulnerability—Private Disclosure Process
+
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be
+reported to [PROJECT_NAME] privately, to minimize attacks against current users of [PROJECT_NAME] before they are fixed.
+Vulnerabilities will be investigated and patched on the next patch or minor release as soon as possible. This
+information could be kept entirely internal to the project.
+
+If you know of a publicly disclosed security vulnerability for [PROJECT_NAME], please **IMMEDIATELY** contact us via any
+contact method available to you to inform our team.
+
+> **N.B.** Do not file public issues on GitHub for security vulnerabilities.
+
+To report a vulnerability or a security-related issue, please contact us via any contact method available to you with
+the details of the vulnerability. The message will be fielded by the our team, which is made up of [PROJECT_NAME]
+maintainers who have committer and release permissions. Messages will be addressed within 3 business days, including a
+detailed plan to investigate the issue and any potential workarounds to perform in the meantime. Do not report
+non-security-impacting bugs through this channel.
+Use [GitHub Issues](https://github.com/Serpentiel/template/issues/new/choose) instead.
+
+### Proposed Message Content
+
+Please, include the following information to your message:
+
+- Basic identity information, such as your name and your affiliation or company
+- Detailed steps to reproduce the vulnerability, e.g. PoC, screenshots, depending on what seems relevant
+- Description of the effects of the vulnerability on [PROJECT_NAME] and the related hardware and software
+ configurations, so that our team can reproduce it
+- How the vulnerability affects [PROJECT_NAME] usage and an estimation of the attack surface, if there is one
+- List other projects or dependencies that were used in conjunction with [PROJECT_NAME] to produce the vulnerability
+
+
+

(back to top)

+
+
+## When to Report a Vulnerability
+
+- When you think [PROJECT_NAME] has a potential security vulnerability
+- When you suspect a potential vulnerability but you are unsure that it impacts [PROJECT_NAME]
+- When you know of or suspect a potential vulnerability on another project that is used by [PROJECT_NAME], e.g.
+ dependencies of [PROJECT_NAME]
+
+
+

(back to top)

+
+
+## Patch, Release, and Disclosure
+
+Our team will respond to vulnerability reports as follows:
+
+1. Our team will investigate the vulnerability and determine its effects and criticality
+2. If the issue is not deemed to be a vulnerability, our team will follow up with a detailed reason for rejection
+3. Our team will initiate a conversation with the reporter within 3 business days
+4. If a vulnerability is acknowledged and the timeline for a fix is determined, our team will work on a plan to
+ communicate with the appropriate community, including identifying mitigating steps that affected users can take to
+ protect themselves until the fix is rolled out
+5. Our team will also create a [CVSS](https://first.org/cvss/specification-document) using
+ the [CVSS Calculator](https://first.org/cvss/calculator/3.0). Our team makes the final call on the calculated CVSS;
+ it is better to move quickly than making the CVSS perfect. Issues may also be reported
+ to [Mitre](https://cve.mitre.org/) using
+ this [scoring calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). The CVE will initially be set to
+ private
+6. Our team will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix
+7. A public disclosure date is negotiated by our team and the bug submitter. We prefer to fully disclose the bug as soon
+ as possible once a user mitigation or patch is available. It is reasonable to delay disclosure when the bug or the
+ fix is not yet fully understood or the solution is not well-tested. The timeframe for disclosure is from
+ immediate—especially if it’s already publicly known—to a few weeks. For a critical vulnerability with a
+ straightforward mitigation, we expect report date to public disclosure date to be on the order of 14 business days.
+ Our team holds the final say when setting a public disclosure date
+8. Once the fix is confirmed, our team will patch the vulnerability in the next patch or minor release, and
+ backport a patch release into all earlier supported releases. Upon release of the patched version of [PROJECT_NAME],
+ we will follow the [Public Disclosure Process](#public-disclosure-process)
+
+### Public Disclosure Process
+
+Our team publishes a public [advisory](https://github.com/Serpentiel/template/security/advisories) to the [PROJECT_NAME]
+community via GitHub. In most cases, additional communication via Slack, Twitter, blog and other channels will assist in
+educating [PROJECT_NAME] users and rolling out the patched release to affected users.
+
+Our team will also publish any mitigating steps users can take until the fix can be applied to their [PROJECT_NAME]
+setup.
+
+
+

(back to top)

+
+
+## Confidentiality, Integrity and Availability
+
+We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to
+be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also
+a serious security concern. Our team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities
+seriously and will investigate them in an urgent and expeditious manner.
+
+
+

(back to top)

+