feat: Add security policy #2253
Conversation
marckhouzam
left a comment
Nice!
Is that Google group created already?
Yes! Just created it!
Signed-off-by: John McBirde <[email protected]>
PR Overview
This PR adds a comprehensive security policy outlining how to report vulnerabilities, the response process, and best practices for both users and contributors.
- Introduces guidelines for reporting vulnerabilities
- Details the response process and disclosure for security issues
- Provides best practices for users and contributors regarding security
Reviewed Changes
| File | Description |
|---|---|
| SECURITY.md | New security policy document with reporting and response details |
Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.
Comments suppressed due to low confidence (2)
SECURITY.md:5
- Ensure that the use of 'cobra' as the repository name is intentional. If this policy is intended for a different project, please update the references accordingly.
The `cobra` maintainers take security issues seriously and
SECURITY.md:101
- [nitpick] Consider removing the extra exclamation mark to maintain a professional and neutral tone.
The `cobra` maintainers would like to thank all security researchers and community members who help keep cobra, its users, and the entire Go ecosystem secure through responsible disclosures!!
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `v1.9.1` -> `v1.10.1` | [age](https://docs.renovatebot.com/merge-confidence/) | [confidence](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>spf13/cobra (github.com/spf13/cobra)</summary>

### [`v1.10.1`](https://github.com/spf13/cobra/releases/tag/v1.10.1)

[Compare Source](spf13/cobra@v1.10.0...v1.10.1)

##### 🐛 Fix

- chore: upgrade pflags v1.0.9 by [@jpmcb](https://github.com/jpmcb) in [#2305](spf13/cobra#2305)

  v1.0.9 of pflags brought back `ParseErrorsWhitelist` and marked it as deprecated

**Full Changelog**: <spf13/cobra@v1.10.0...v1.10.1>

### [`v1.10.0`](https://github.com/spf13/cobra/releases/tag/v1.10.0)

[Compare Source](spf13/cobra@v1.9.1...v1.10.0)

#### What's Changed

##### 🚨 Attention!

- Bump pflag to 1.0.8 by [@tomasaschan](https://github.com/tomasaschan) in [#2303](spf13/cobra#2303)

  This version of `pflag` carried a breaking change: it renamed `ParseErrorsWhitelist` to `ParseErrorsAllowlist`, which can break builds if both `pflag` and `cobra` are dependencies in your project.

  - If you use both `pflag` and `cobra`, upgrade `pflag` to 1.0.8 and `cobra` to `1.10.0`
  - ***or*** use the newer, fixed version of `pflag` v1.0.9 which keeps the deprecated `ParseErrorsWhitelist`

  More details can be found here: [#2303 (comment)](spf13/cobra#2303 (comment))

##### ✨ Features

- Flow context to command in SetHelpFunc by [@Frassle](https://github.com/Frassle) in [#2241](spf13/cobra#2241)
- The default ShellCompDirective can be customized for a command and its subcommands by [@albers](https://github.com/albers) in [#2238](spf13/cobra#2238)

##### 🐛 Fix

- Upgrade golangci-lint to v2, address findings by [@scop](https://github.com/scop) in [#2279](spf13/cobra#2279)

##### 🪠 Testing

- Test with Go 1.24 by [@harryzcy](https://github.com/harryzcy) in [#2236](spf13/cobra#2236)
- chore: Rm GitHub Action PR size labeler by [@jpmcb](https://github.com/jpmcb) in [#2256](spf13/cobra#2256)

##### 📝 Docs

- Remove trailing curly brace by [@yedayak](https://github.com/yedayak) in [#2237](spf13/cobra#2237)
- Update command.go by [@styee](https://github.com/styee) in [#2248](spf13/cobra#2248)
- feat: Add security policy by [@jpmcb](https://github.com/jpmcb) in [#2253](spf13/cobra#2253)
- Update Readme (Warp) by [@ericdachen](https://github.com/ericdachen) in [#2267](spf13/cobra#2267)
- Add Periscope to the list of projects using Cobra by [@anishathalye](https://github.com/anishathalye) in [#2299](spf13/cobra#2299)

#### New Contributors

- [@harryzcy](https://github.com/harryzcy) made their first contribution in [#2236](spf13/cobra#2236)
- [@yedayak](https://github.com/yedayak) made their first contribution in [#2237](spf13/cobra#2237)
- [@Frassle](https://github.com/Frassle) made their first contribution in [#2241](spf13/cobra#2241)
- [@styee](https://github.com/styee) made their first contribution in [#2248](spf13/cobra#2248)
- [@ericdachen](https://github.com/ericdachen) made their first contribution in [#2267](spf13/cobra#2267)
- [@albers](https://github.com/albers) made their first contribution in [#2238](spf13/cobra#2238)
- [@anishathalye](https://github.com/anishathalye) made their first contribution in [#2299](spf13/cobra#2299)
- [@tomasaschan](https://github.com/tomasaschan) made their first contribution in [#2303](spf13/cobra#2303)

**Full Changelog**: <spf13/cobra@v1.9.1...v1.9.2>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/930): Update module github.com/spf13/cobra to v1.10.1

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/930
Reviewed-by: earl-warren <[email protected]>
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
Closes #1658
Maintainers and community: please review this policy and let us know if there's something missing!
cc @marckhouzam @spf13