From 35f001862c1667af978347d78c0b8a6115b01766 Mon Sep 17 00:00:00 2001 From: Jay Linski Date: Sun, 23 Jul 2023 20:29:34 +0200 Subject: [PATCH] Create SECURITY.md Closes #1961. --- CONTRIBUTING.md | 10 +++++----- SECURITY.md | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9b663119..f22f4af0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,16 +1,16 @@ # How to Contribute -## Reporting security issues +## Reporting Security Issues -Please don't open issues for security issues. Instead, file a report at https://www.npmjs.com/advisories/report?package=handlebars +Please refer to our [Security Policy](https://github.com/handlebars-lang/handlebars.js/blob/master/SECURITY.md). ## Reporting Issues -Please see our [FAQ](https://github.com/handlebars-lang/handlebars.js/blob/master/FAQ.md) for common issues that people run into. +Please refer to our [FAQ](https://github.com/handlebars-lang/handlebars.js/blob/master/FAQ.md) for common issues that people run into. Should you run into other issues with the project, please don't hesitate to let us know by filing an [issue][issue]! -In general we are going to ask for an **example** of the problem failing, which can be as simple as a jsfiddle/jsbin/etc. We've put together a jsfiddle **[template][jsfiddle]** to ease this. (We will keep this link up to date as new releases occur, so feel free to check back here). +In general, we are going to ask for an **example** of the problem failing, which can be as simple as a jsfiddle/jsbin/etc. We've put together a jsfiddle **[template][jsfiddle]** to ease this. (We will keep this link up to date as new releases occur, so feel free to check back here). Pull requests containing only failing tests demonstrating the issue are welcomed and this also helps ensure that your issue won't regress in the future once it's fixed. 
@@ -94,7 +94,7 @@ You can use the following scripts to make sure that the CI job does not fail: - **npm run lint** will run `eslint` and fail on warnings - **npm run format** will run `prettier` on all files - **npm run check-before-pull-request** will perform all most checks that our CI job does in its build-job, excluding the "integration-test". -- **npm run integration-test** will run integration tests (using old NodeJS versions and integrations with webpack, babel and so on) +- **npm run test:integration** will run integration tests (using old NodeJS versions and integrations with webpack, babel and so on) These tests only work on a Linux-machine with `nvm` installed (for running tests in multiple versions of NodeJS). ## Releasing the latest version diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ef645e02 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +We recommend always using the latest versions of Handlebars and its official companion libraries to ensure your application remains as secure as possible. + +## Supported Versions + +| Version | Supported | +|---------| ------------------ | +| 5.0.x | :white_check_mark: | +| 4.7.x | :white_check_mark: | +| < 4.7 | :x: | + +## Reporting a Vulnerability + +To report a vulnerability, please visit https://github.com/handlebars-lang/handlebars.js/security.
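Review bot: In the first CONTRIBUTING.md hunk, the removed line "Please don't open issues for security issues. Instead, file a report at https://www.npmjs.com/advisories/report?package=handlebars" carried two things the replacement drops: the explicit instruction not to file public issues for security problems, and a reporting channel that does not require a GitHub account. The new line only says "Please refer to our [Security Policy](...)", and the added SECURITY.md does not restate the "don't open public issues" guidance either, so a reporter landing on CONTRIBUTING.md first is no longer told to avoid the public tracker. Suggest keeping one sentence here, e.g. "Please do not open public issues for security problems; see our [Security Policy](...) for how to report them privately."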
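Review bot: In the `@@ -94,7 +94,7 @@` hunk, the doc line is changed from `npm run integration-test` to `npm run test:integration`, but package.json is not part of this patch, so nothing visible confirms that a `test:integration` script exists under that name; please verify the script name against package.json before merging so the contributing guide does not point at a script that fails with "missing script". While touching this list, the unchanged context line "will perform all most checks that our CI job does" reads as a typo for "almost all checks" and could be fixed in the same change.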
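Review bot: In the new SECURITY.md, the "Reporting a Vulnerability" section consists of a single URL (https://github.com/handlebars-lang/handlebars.js/security) with no guidance on what a report should contain or what the reporter can expect, and the repository's /security page only offers a private report form when private vulnerability reporting is enabled in the repository settings, so please confirm that setting is on before this link becomes the only documented channel. Suggest adding a short sentence such as "Use the 'Report a vulnerability' button; include the affected version, a minimal template reproducing the issue, and the impact you observed", plus an expected acknowledgement window. Also double-check the "Supported Versions" table: it marks 5.0.x and 4.7.x as supported and "< 4.7" as unsupported, which should match the release lines actually receiving fixes at merge time.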