diff --git a/.releaserc b/.releaserc index 54f32e0..a014ae5 100644 --- a/.releaserc +++ b/.releaserc @@ -4,7 +4,48 @@ ], "plugins": [ "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator", + [ + "@semantic-release/release-notes-generator", + { + "preset": "conventionalcommits", + "presetConfig": { + "types": [ + { + "type": "feat", + "section": "Features" + }, + { + "type": "fix", + "section": "Bug Fixes" + }, + { + "type": "chore", + "section": "Miscellaneous Chores" + }, + { + "type": "docs", + "section": "Documentation" + }, + { + "type": "style", + "hidden": true + }, + { + "type": "refactor", + "hidden": true + }, + { + "type": "perf", + "hidden": true + }, + { + "type": "test", + "hidden": true + } + ] + } + } + ], "@semantic-release/npm", "@semantic-release/github" ] diff --git a/LICENSE b/LICENSE.md similarity index 100% rename from LICENSE rename to LICENSE.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..34a05d8 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,48 @@ +# Security Policy + +## Supported Versions + +The following versions of JS Validator are currently being supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| 1.4.4 | :white_check_mark: | +| < 1.4.4 | :x: | + +## Reporting a Vulnerability + +The safety and security of JS Validator is a top priority. If you believe you have found a security vulnerability in any version of JS Validator, please follow these steps to report it: + +1. **Do Not Post It Publicly**: Please do not post vulnerabilities publicly on forums, social media, or other platforms. We want to mitigate any potential harm to users by keeping the issue confidential until a fix is available. + +2. **Email Your Report**: Send an email to the security team at `security@vmgware.dev`. Include a detailed report of the vulnerability, including the affected version, potential impact, and any steps to reproduce it. If possible, provide suggestions for how the vulnerability can be mitigated or fixed. + +3. **Wait for Response**: Our security team will review your report and respond as quickly as possible. We appreciate your patience as we work to confirm and address the vulnerability. + +4. **Disclosure Timing**: Please allow us a reasonable amount of time to fix the issue before any public disclosure. We aim to handle all security reports with the utmost urgency and care. + +5. **Acknowledgment**: Contributors who report a valid security vulnerability will be acknowledged in the project's release notes, once the issue has been resolved. If you wish to remain anonymous, please let us know in your report. + +## Security Patch Process + +Upon receiving a security vulnerability report, our team will: + +1. Confirm the vulnerability and determine its severity. +2. Develop a security patch or workaround. +3. Test the patch to ensure it effectively resolves the vulnerability without introducing new issues. +4. 
Release an updated version of JS Validator with the patch. +5. Publicly disclose the details of the vulnerability and its fix, acknowledging the reporter (unless anonymity is requested). + +## Security Best Practices for Users + +- **Stay Updated**: Always use the latest version of JS Validator. Older versions may contain security vulnerabilities that have been fixed in newer releases. +- **Review Validation Rules**: Regularly review your validation rules and configurations to ensure they meet your current security requirements. +- **Monitor for Updates**: Keep an eye on the project repository and update notifications to stay informed about new releases and security patches. + +## Contact Information + +For any security concerns or inquiries, please contact `security@vmgware.dev`. + +--- + +This security policy is subject to change. Please refer to the latest version in the project repository for current guidelines and procedures. Your contributions in keeping JS Validator secure are greatly appreciated. diff --git a/package-lock.json b/package-lock.json index 25a1469..820bc32 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,6 +17,7 @@ "@types/jest": "^29.5.10", "@typescript-eslint/eslint-plugin": "^6.13.1", "@typescript-eslint/parser": "^6.13.1", + "conventional-changelog-conventionalcommits": "^7.0.2", "eslint": "^8.54.0", "jest": "^29.7.0", "semantic-release": "^22.0.12", 
@@ -3577,6 +3578,18 @@ "node": ">=16" } }, + "node_modules/conventional-changelog-conventionalcommits": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/conventional-changelog-conventionalcommits/-/conventional-changelog-conventionalcommits-7.0.2.tgz", + "integrity": "sha512-NKXYmMR/Hr1DevQegFB4MwfM5Vv0m4UIxKZTTYuD98lpTknaZlSRrDOG4X7wIXpGkfsYxZTghUN+Qq+T0YQI7w==", + "dev": true, + "dependencies": { + "compare-func": "^2.0.0" + }, + "engines": { + "node": ">=16" + } + }, "node_modules/conventional-changelog-writer": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/conventional-changelog-writer/-/conventional-changelog-writer-7.0.1.tgz", diff --git a/package.json b/package.json index f2d00e6..7a0690e 100644 --- a/package.json +++ b/package.json @@ -32,6 +32,7 @@ "@types/jest": "^29.5.10", "@typescript-eslint/eslint-plugin": "^6.13.1", "@typescript-eslint/parser": "^6.13.1", + "conventional-changelog-conventionalcommits": "^7.0.2", "eslint": "^8.54.0", "jest": "^29.7.0", "semantic-release": "^22.0.12",
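Review bot: in `.releaserc`, `"@semantic-release/commit-analyzer"` is left as a bare string, so it keeps its default preset while the release-notes generator is switched to `"preset": "conventionalcommits"`. The two plugins can then parse the same commit differently. Suggest giving commit-analyzer the same preset in this change. Also, `perf` is marked `"hidden": true`, but commit-analyzer's default rules cut a patch release for `perf` commits, so a release made only of `perf` commits would publish with empty notes. Either show `perf` in a section or add a release rule so it no longer triggers a release.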
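Review bot: in `SECURITY.md`, the Supported Versions table pins a single version (`| 1.4.4 | :white_check_mark: |` and `| < 1.4.4 | :x: |`), which says nothing about versions above 1.4.4 and will be out of date as soon as the automated release configured in `.releaserc` publishes the next one. Suggest wording the supported row as the latest release (or `>= 1.4.4`) so the policy does not need an edit per release. The reporting steps also leave "as quickly as possible" and "a reasonable amount of time" undefined. A stated acknowledgement window and disclosure window would give reporters something concrete to plan around.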
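Review bot: in `package-lock.json`, the new `node_modules/conventional-changelog-conventionalcommits` entry declares `"compare-func": "^2.0.0"` as a dependency, but no `node_modules/compare-func` entry is added anywhere in this diff. Please confirm it is already present in the lockfile as a dependency of another package, and that the lockfile was regenerated by npm rather than edited by hand, so that `npm ci` resolves the full tree against the recorded `integrity` values.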
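Review bot: in `package.json`, `conventional-changelog-conventionalcommits` is added with a caret range (`^7.0.2`) and is loaded by the release pipeline configured in `.releaserc`, alongside `@semantic-release/npm` and `@semantic-release/github`, which publish. Make sure the release job installs with `npm ci` so that the version and integrity hash recorded in `package-lock.json` are what actually runs during a release, not whatever `^7.0.2` resolves to at install time.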