From 275144aef861cf8791af9e63f4c50824ed35f497 Mon Sep 17 00:00:00 2001 From: Bart van der Braak Date: Sun, 18 Feb 2024 16:26:56 +0100 Subject: [PATCH] feat: security and funding files and format docs --- .github/CODE_OF_CONDUCT.md | 24 ++++++++++++------------ .github/CONTRIBUTING.md | 2 ++ .github/FUNDING.yml | 1 + .github/PULL_REQUEST_TEMPLATE.md | 7 ++++++- .github/SECURITY.md | 30 ++++++++++++++++++++++++++++++ 5 files changed, 51 insertions(+), 13 deletions(-) create mode 100644 .github/FUNDING.yml create mode 100644 .github/SECURITY.md diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md index 06de221..f3cda70 100644 --- a/.github/CODE_OF_CONDUCT.md +++ b/.github/CODE_OF_CONDUCT.md 
@@ -17,23 +17,23 @@ diverse, inclusive, and healthy community. Examples of behavior that contributes to a positive environment for our community include: -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience -* Focusing on what is best not just for us as individuals, but for the +- Focusing on what is best not just for us as individuals, but for the overall community Examples of unacceptable behavior include: -* The use of sexualized language or imagery, and sexual attention or +- The use of sexualized language or imagery, and sexual attention or advances of any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a +- Other conduct which could reasonably be considered inappropriate in a professional setting ## Enforcement Responsibilities 
@@ -106,7 +106,7 @@ Violating these terms may lead to a permanent ban. ### 4. Permanent Ban **Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an +standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. **Consequence**: A permanent ban from any sort of public interaction within @@ -125,4 +125,4 @@ enforcement ladder](https://github.com/mozilla/diversity). For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. \ No newline at end of file +https://www.contributor-covenant.org/translations. diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index bdcc121..02b0354 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -18,11 +18,13 @@ To get started with contributing, please follow these steps: ## Code Style We follow a specific code style in this project to maintain consistency. Please make sure to adhere to the following guidelines by running ESLint and Prettier: + ```sh pnpm run format && pnpm run lint ``` Also: + - Follow naming conventions for variables, functions, and classes. - Write clear and concise comments to explain your code. diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..443167d --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +custom: https://ko-fi.com/bartvdbraak diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 4606481..e761fed 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -1,10 +1,13 @@ ## Description + [Provide a brief description of the changes made in this pull request.] ## Related Issue + [Closes/Fixes/Resolves #Issue_Number] ## Checklist + Please make sure to review and check the following before submitting your pull request: - [ ] I have tested these changes locally and they work as intended. @@ -17,12 +20,15 @@ Please make sure to review and check the following before submitting your pull r - [ ] I have added appropriate labels and milestones (if applicable). ## Screenshots (if applicable) + [Add any relevant screenshots or images to assist in understanding the changes.] ## Additional Information (optional) + [Add any additional context or information about the changes made, if necessary.] ## Checklist for Reviewers (optional) + Reviewers can use this checklist as a guide while reviewing the pull request: - [ ] The changes fulfill the requirements of the related issue(s). @@ -31,4 +37,3 @@ Reviewers can use this checklist as a guide while reviewing the pull request: - [ ] The changes include appropriate test coverage. - [ ] The tests pass successfully. - [ ] The branch has been rebased onto the latest upstream changes (if necessary). - diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..4e51a41 --- /dev/null +++ b/.github/SECURITY.md 
@@ -0,0 +1,30 @@ +# Security Policy + +## Supported Versions + +Use the latest version of Omnidash for the latest security updates. + +## Reporting Vulnerabilities + +To report a security issue, please email [bart@vanderbraak.nl](mailto:bart@vanderbraak.nl) with a detailed description and steps to reproduce. Do not file a public issue for security vulnerabilities. + +### Response Timeline + +We aim to respond to security reports within 48 hours, and to patch the issue within a reasonable timeframe depending on the severity. + +### Responsible Disclosure + +Please allow us a reasonable timeframe to address the issue before publicly disclosing it. + +### Acknowledgements + +We appreciate the responsible disclosure of issues by our users and will acknowledge contributors in our release notes. + +## Security Best Practices + +- Ensure you are running the latest version of Omnidash. +- Follow secure password and authentication practices. + +## Contact Alternatives + +If you are unable to send an email, please open an issue on GitHub without disclosing details such that we can establish a alternative form of communication.
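Review bot: In .github/CODE_OF_CONDUCT.md the -17,23 hunk only swaps `*` list markers for `-`, and the changed line in the -106,7 hunk shows no visible text difference, so it is presumably whitespace only. These formatting changes ride in the same commit as the new SECURITY.md and FUNDING.yml under a `feat:` subject. Split the formatting into its own commit so that the security policy can be reviewed, and if needed reverted, on its own.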
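Review bot: In .github/SECURITY.md, "Reporting Vulnerabilities" names a single personal mailbox as the only private channel, and the "Contact Alternatives" fallback is a public issue. Consider adding a second private route, for example GitHub's private vulnerability reporting or a published PGP key for that address, so a report does not depend on one inbox and unencrypted mail. "Response Timeline" and "Responsible Disclosure" both say "reasonable timeframe" without a number; state a concrete disclosure window so reporters know what to expect. "Supported Versions" should say explicitly whether only the latest release receives fixes. Typo in the last added line: "a alternative" should be "an alternative".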