From 15ea3a5df02964ea426b284dc358c291b848263e Mon Sep 17 00:00:00 2001 
From: Biold <164292601+Biold@users.noreply.github.com>
Date: Thu, 21 Mar 2024 14:09:51 -0500
Subject: [PATCH] Create SECURITY.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Skip to content gr2m Overview Repositories 499 Projects Packages 2 Stars 277 Sponsoring 5 View gr2m's full-sized avatar 🧚 Gregor Martynus gr2m Community Engineer 🔧🤓🌈✨ 1.4k followers · 8 following @mattt Followed by mattt and 1 more @github @octokit @octoherd @probot @nock @semantic-release @allcontributors Los Angeles 11:23 - 2h behind https://dev.to/gr2m @gr2m gr2m Sponsors @sycofly @mkmrtn @ljharb @lukekarrys @checkly @miloserdow @getsentry @codecov @FrontendMasters @mrhenry Sponsoring @coilysiren @M0nica @tatianamac @prophen @babblebey Achievements Achievement: Pair Extraordinairex4 Achievement: YOLO Achievement: Quickdraw Achievement: Galaxy Brainx4 Achievement: Arctic Code Vault Contributor Achievement: Starstruckx3 Achievement: Public Sponsor Achievement: Pull Sharkx4 BetaSend feedback Organizations @hoodiehq @AfricaHackTrip @noBackend @semantic-release @nock @rename-master-branch-test @octoherd @repository-settings gr2m/README.md Hi there 👋 I'm the maintainer of the JavaScript Octokit – GitHub's official JavaScript SDK. If you have any questions about GitHub's APIs or automation, and you think it would be interesting for others, too, please create an issue in my helpdesk repository. Questions by people new to coding are strongly encouraged!
I do semi-regular live shows about exploring and hopefully answering your questions on my twitch channel: twitch.tv/gregorcodes You can also ask and follow me on Twitter: twitter.com/gr2m Upcoming shows Past shows Refactoring a 10+ years old code base: nock (Part VII) Refactoring a 10+ years old code base: nock (Part VI) Refactoring a 10+ years old code base: nock (Part V) Refactoring a 10+ years old code base: nock (Part IV) Refactoring a 10+ years old code base: nock (Part III) Refactoring a 10+ years old code base: nock (Part II) Refactoring a 10+ years old code base: nock Automating gr2m/helpdesk: Twitch Events Creating tests for actions for faster iteration Part III Creating tests for actions for faster iteration Part II Creating tests for actions for faster iteration Automating gr2m/helpdesk: Issue Forms part III Automating gr2m/helpdesk: issue forms part II Running scheduled GitHub App tasks using Actions Automating gr2m/helpdesk: issue forms How to update lock files silently (Part III) Automating gr2m/helpdesk: comment on issue when show begins Advanced TypeScript for the future Octokit SDK with @orta Automating gr2m/helpdesk, Episode VI Automating gr2m/helpdesk, Episode V How to update lock files silently (Part II) How to update lock files silently Automating gr2m/helpdesk, Episode IV transfer issues + comments between repositories while retaining authorship, labels, and milestones 30 Minutes to Merge: Automating nose booping using Actions with @github Automating gr2m/helpdesk, Episode III copy GitHub repositories with issues, labels, milestones, and assignees Automating gr2m/helpdesk, Episode II Slash commands & rebasing pull requests with @davidguttman Learn with Jason: GitHub Automation with Octokit with @jlengstorf Automating gr2m/helpdesk, Episode I Script Kit meets Octokit with @johnlindquist GitHub Action Artifacts with @reconbot Octokit automation: OpenAPI Create a cowsay GitHub Action with JavaScript GitHub Enterprise repository auditing with 
@jeffwilcox Pinned octokit/octokit.js Public The all-batteries-included GitHub SDK for Browsers, Node.js, and Deno. TypeScript 6.7k 976 octoherd/octoherd Public Manage multiple repository updates all at once. 121 5 probot/probot Public 🤖 A framework for building GitHub Apps to automate and improve your workflow TypeScript 8.7k 913 all-contributors/all-contributors Public ✨ Recognize all contributors, not just the ones who push code ✨ HTML 7.4k 1.7k semantic-release/semantic-release Public 📦🚀 Fully automated version management and package publishing JavaScript 19.6k 1.6k nock/nock Public HTTP server mocking and expectations library for Node.js JavaScript 12.5k 731 8,413 contributions in 2023 Contribution Graph Day of Week JanuaryJan FebruaryFeb MarchMar AprilApr MayMay JuneJun JulyJul AugustAug SeptemberSep OctoberOct NovemberNov DecemberDec SundaySun MondayMon TuesdayTue WednesdayWed ThursdayThu FridayFri SaturdaySat Learn how we count contributions Less No contributions. Low contributions. Medium-low contributions. Medium-high contributions. High contributions. More @semantic-release @nock @octoherd More Activity overview Contributed to processing/p5.js, actions/create-github-app-token, octokit/graphql-schema and 211 other repositories 45% Code review 6% Issues 7% Pull requests 42% Commits Contribution activity March 2024 Created a pull request in octokit/request-action that received 1 comment Mar 6 test CI for #293 Upgrade to Node 20 Use node 20 in test workflow +5 −5 lines changed •1 comment Created an issue in hearts-testing/demo that received 2 comments Mar 7 Test issue hi there 2 comments 156 contributions in private repositoriesMar 1 – Mar 21 February 2024 Created a pull request in wip/app that received 3 comments Feb 12 fix: revert to Probot v12 again This reverts commit cdba9f7.
This should fix #660 +1,033 −487 lines changed •3 comments Created an issue in jsla/lunch.js that received 9 comments Feb 13 Baldwin Hills / Crenshaw / Leimert Park - March 5th, 2024 Baldwin Hills / Crenshaw / Leimert Park Next lunch is March 5th, 2024 at 12:30 PM @ ORA Championed By: Gregor Martynus @gr2m New location! ORA is w… 9 comments GitHub REST API CORS error when trying to download public repository git archive This contribution was made on Feb 21Feb 21 490 contributions in private repositoriesFeb 1 – Feb 29 January 2024 gr2m/github-app-webhook-relay-polling JavaScript This contribution was made on Jan 28Jan 28 Created a pull request in project-forms/project-forms.github.io that received 2 comments Jan 3 fix: do not render login form after OAuth redirect from GitHub closes #7 +20 −22 lines changed •2 comments Created an issue in jsla/lunch.js that received 8 comments Jan 9 Baldwin Hills / Crenshaw / Leimert Park - February 6th, 2024 Baldwin Hills / Crenshaw / Leimert Park Next lunch is February 6th, 2024 at 12:30 PM @ ORA Championed By: Gregor Martynus @gr2m New location!
ORA i… 8 comments Figure out setting VITE_FRONTEND_BASE_URL dynamically for Netlify preview URLs This contribution was made on Jan 30Jan 30 Remove hardcoded redirectUrl, it should be set dynamically dependend on environment (local, netlify preview, production) This contribution was made on Jan 24Jan 24 Create end-to-end test with playwright This contribution was made on Jan 10Jan 10 Create integration test This contribution was made on Jan 10Jan 10 241 contributions in private repositoriesJan 2 – Jan 31 December 2023 project-forms/project-forms.github.io 3 commits octokit/rest.js 3 commits gr2m/merge-dependency-update-prs 1 commit octokit/types.ts 1 commit semantic-release/semantic-release 1 commit octokit/auth-unauthenticated.js 1 commit Created a pull request in actions/create-github-app-token that received 18 comments Dec 16 feat: github-api-url closes #77 +107 −55 lines changed •18 comments Created an issue in project-forms/project-forms.github.io that received 1 comment Dec 20 Try out react-error-boundary https://github.com/bvaughn/react-error-boundary 1 comment 186 contributions in private repositoriesDec 1 – Dec 30 November 2023 Created a pull request in probot/twitter that received 5 comments Nov 16 Create v13-beta.tweet Let's see if this thing is still working 🤣 +6 −0 lines changed •5 comments Created an issue in github/gh-copilot that received 12 comments Nov 8 [DOCS]: What OAuth scope is required for gh copilot? Describe the need ➜ ~ gh copilot suggest "Receive webhooks locally" ✗ Error: No valid OAuth token detected I use a local GITHUB_TOKEN environment … 12 comments Pushing to PR protected branch with token obtained from this action This contribution was made on Nov 3Nov 3 345 contributions in private repositoriesNov 1 – Nov 30 Seeing something unexpected? Take a look at the GitHub profile guide. Footer © 2024 GitHub, Inc.
Footer navigation Terms Privacy Security Status Docs Contact Manage cookies Do not share my personal information You are following gr2m --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc.
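
Review bot: The new SECURITY.md still contains only placeholder instructions in both sections, so it gives a reporter nothing to act on. Under "Reporting a Vulnerability" the text is "Use this section to tell people how to report a vulnerability" and "Tell them where to go, how often they can expect to get an update ...", with no contact channel, response timeline or accept/decline process. Under "Supported Versions" the paragraph is likewise an instruction to the maintainer, and nothing in the patch ties the table rows (5.1.x, 5.0.x, 4.0.x, < 4.0) to this project's actual releases. Before merging, replace the instruction paragraphs with the real private reporting route, the expected update cadence and what happens after triage, and make the table list the versions that actually receive security fixes. Separately, the commit message body is a pasted GitHub profile page unrelated to the change; a short description of the policy being added would make the history usable.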