Add security policy and config for dependabot #52

Merged
merged 6 commits into from
Sep 21, 2023
19 changes: 19 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,19 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
# Github Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
# Python
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"
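Review bot: The `labels:` block (`- "dependencies"`) is attached only to the `pip` entry; the `github-actions` entry (`- package-ecosystem: "github-actions"` ... `interval: "monthly"`) gets no label, so action-version bumps will not be filterable or auto-routed the same way as Python dependency bumps. Suggest adding the same `labels:` list under the github-actions entry, or leaving a comment on why the two ecosystems are labelled differently. The two schedules also differ (monthly for actions, weekly for pip); a one-line comment on that choice would help the next person who touches this file. Finally, `directory: "/"` for `pip` means Dependabot only looks for Python manifests at the repository root, so it is worth confirming that the package's manifest lives there rather than in a subdirectory.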
31 changes: 31 additions & 0 deletions SECURITY.md
@@ -0,0 +1,31 @@
# Security Policy

Security is very important for Vizro and its community 🔒

If you believe you have found a security vulnerability, please report it to us as described below.

## Supported Versions

The latest version of Vizro is supported. We encourage you to update your Vizro version frequently, this way you will benefit from the latest features, bug fixes, and **security fixes**.

## Reporting a Vulnerability

**Please do not report security vulnerabilities through public GitHub issues to limit the potential impact on current users.**

If you think you found a vulnerability, and even if you are not sure about it, please report it right away by sending an email to: [email protected]

Please try to be as explicit as possible to help us better understand the nature and scope of the possible issue by providing:

- Type of issue (e.g. cross-site scripting, SQL injection, etc.)
- Impact of the issue, including how an attacker might exploit the issue
- Step-by-step instructions to reproduce the issue
- Example code or any special configuration to reproduce the issue
- Location of the affected source code (e.g. branch/commit/URL)

We will review it thoroughly and get back to you. If the issue is confirmed, we will release a patch as soon as possible.

---

Thanks for your help!

The Vizro team thanks you for that 🙇
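Review bot: The "Reporting a Vulnerability" section gives the reporter no expectation of when they will hear back; "We will review it thoroughly and get back to you" should state an acknowledgement window (for example "within N business days") so reporters know when to follow up rather than escalate publicly. It would also help to say what happens after a fix is released (whether an advisory or changelog entry will credit the reporter), since the policy currently ends at "we will release a patch as soon as possible". Two style points: "update your Vizro version frequently, this way you will benefit" is a comma splice (use a semicolon or a new sentence), and the "Supported Versions" section would be clearer as the conventional version/supported table so readers can see at a glance that only the latest release receives security fixes.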
@@ -0,0 +1,42 @@
<!--
A new scriv changelog fragment.

Uncomment the section that is right (remove the HTML comment wrapper).
-->

<!--
### Removed

- A bullet item for the Removed category.

-->
<!--
### Added

- A bullet item for the Added category.

-->
<!--
### Changed

- A bullet item for the Changed category.

-->
<!--
### Deprecated

- A bullet item for the Deprecated category.

-->
<!--
### Fixed

- A bullet item for the Fixed category.

-->
<!--
### Security

- A bullet item for the Security category.

-->
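Review bot: Every category in this scriv fragment is still wrapped in its HTML comment, so the fragment records nothing for this PR even though it adds a `SECURITY.md` and a Dependabot configuration. Suggest uncommenting `### Added` (or `### Security`) and replacing the placeholder bullet with an entry such as "Add security policy and Dependabot configuration", otherwise the changelog build will produce an empty fragment for this change.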