Merge pull request #5 from MacPaw/develop

serhiidonii · web-flow · commit 55a9f2c2d474 · 2024-05-27T19:01:33.000+03:00
Release 1.0.1
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,24 @@
+on:
+  pull_request:
+  push:
+    branches: [ main, develop ]
+
+jobs:
+  security-checker:
+    name: Security checker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+
+      - name: Install dependencies
+        run: composer install --no-progress --no-interaction --prefer-dist
+
+      - name: Download local-php-security-checker
+        run: curl -s -L -o local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v1.0.0/local-php-security-checker_1.0.0_linux_amd64
+
+      - name: Run local-php-security-checker
+        run: chmod +x local-php-security-checker && ./local-php-security-checker
diff --git a/.github/workflows/static_analyse.yaml b/.github/workflows/static_analyse.yaml
@@ -51,3 +51,22 @@ jobs:
 
       - name: Run script
         run: composer validate
+
+  security-checker:
+    name: Security checker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+
+      - name: Install dependencies
+        run: composer install --no-progress --no-interaction --prefer-dist
+
+      - name: Download local-php-security-checker
+        run: curl -s -L -o local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v1.0.0/local-php-security-checker_1.0.0_linux_amd64
+
+      - name: Run local-php-security-checker
+        run: chmod +x local-php-security-checker && ./local-php-security-checker
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+## Reporting Security Issues
+If you believe you have found a security vulnerability in any MacPaw-owned repository, please report it to us through coordinated disclosure.
+
+Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
+
+Instead, please send an email to security[@]macpaw.com.
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Policy
+See MacPaw's [Vulnerability Disclosure Policy](https://macpaw.com/vulnerability-disclosure-policy)
diff --git a/composer.json b/composer.json
@@ -38,6 +38,6 @@
         "symfony/http-kernel": "^6.4|^7.0",
         "symfony/routing": "^6.4|^7.0",
         "phpstan/phpstan-symfony": "^1.3",
-        "symfony/event-dispatcher": "^6.4"
+        "symfony/event-dispatcher": "^6.4|^7.0"
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,6 @@`
`38`	`38`	`"symfony/http-kernel": "^6.4\|^7.0",`
`39`	`39`	`"symfony/routing": "^6.4\|^7.0",`
`40`	`40`	`"phpstan/phpstan-symfony": "^1.3",`
`41`		`- "symfony/event-dispatcher": "^6.4"`
	`41`	`+ "symfony/event-dispatcher": "^6.4\|^7.0"`
`42`	`42`	`}`
`43`	`43`	`}`