diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 37bf6ab6..e95ae8c6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -77,9 +77,9 @@ jobs: const comments = await github.paginate(github.rest.issues.listComments, issue) let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id - body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n` + body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` - body += `To force CI to rerun, run this command:\n\n` + body += `To force CI to update this PR, run this command:\n\n` body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` if (commentId) { @@ -174,7 +174,7 @@ jobs: RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npm exec --offline -- template-oss-release-manager + npm exec --offline -- template-oss-release-manager --lockfile=false npm run rp-pull-request --ignore-scripts --if-present - name: Commit id: commit diff --git a/SECURITY.md b/SECURITY.md index a93106d0..4e7c26c6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,14 @@ -Please send vulnerability reports through [hackerone](https://hackerone.com/github). +GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). + +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. + +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). + +If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. + +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** + +Thanks for helping make GitHub safe for everyone. + diff --git a/package.json b/package.json index 473ad775..4993a689 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.8.0", + "version": "4.10.0", "content": "scripts/template-oss", "engines": ">=10", "distPaths": [