Update docs links #704
Merged
Update docs links #704
+6
−12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: dodo920306 <[email protected]>
Bumps the npm_and_yarn group with 3 updates in the /src/dashboard directory: [body-parser](https://github.com/expressjs/body-parser), [express](https://github.com/expressjs/express) and [pbkdf2](https://github.com/crypto-browserify/pbkdf2). Updates `body-parser` from 1.20.3 to 2.0.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.3...2.0.0) Updates `express` from 4.21.2 to 5.0.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.0.0) Updates `pbkdf2` from 3.1.2 to 3.1.3 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: body-parser dependency-version: 2.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 5.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dodo920306 <[email protected]>
Signed-off-by: dodo920306 <[email protected]>
yeasy
reviewed
Jun 30, 2025
SECURITY.md
Outdated
| If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer. | ||
|
|
||
| There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to [security at hyperledger dot org](mailto:[email protected]). | ||
| There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to [security at lists dot hyperledger dot org](mailto:security@lists.hyperledger.org). |
Contributor
There was a problem hiding this comment.
From https://www.lfdecentralizedtrust.org/, we should use the hackerone to report security bugs.
Contributor
Author
There was a problem hiding this comment.
OK. Should we also include GitHub Security Advisories as a way to do so?
Contributor
Author
There was a problem hiding this comment.
Contributor
There was a problem hiding this comment.
Guess LFDT has its own security advisory, but we can also mention the github one.
yeasy
reviewed
Jun 30, 2025
SECURITY.md
Outdated
| The other way is to file a confidential security bug in our [JIRA bug tracking system](https://jira.hyperledger.org). Be sure to set the “Security Level” to “Security issue”. | ||
|
|
||
| The process by which the Hyperledger Security Team handles security bugs is documented further in our [Defect Response page](https://wiki.hyperledger.org/display/HYP/Defect+Response) on our [wiki](https://wiki.hyperledger.org). | ||
| The other way is to file a confidential security bug in our [GitHub Issues](https://github.com/hyperledger-cello/cello/issues). |
Contributor
There was a problem hiding this comment.
github issues are public, so it's not a good way to report security bug. Let's remove this way.
Since GitHub issues are public, it's not a good way to report security vulnerabilities there, so they should be removed from SECURITY.md as a proper way to do so. Signed-off-by: Yu-Lin "Kirin" Chu <[email protected]>
Signed-off-by: Yu-Lin "Kirin" Chu <[email protected]>
yeasy
reviewed
Jul 5, 2025
| * [Mail List](mailto:hyperledger-cello@lists.hyperledger.org): General technical topics with Cello project. | ||
| * [Wikipage](https://lf-hyperledger.atlassian.net/wiki/spaces/cello/overview): Lots of information and documentation about the project, e.g., meeting schedule, design doc. | ||
| * [Mail List](mailto:cello@lists.lfdecentralizedtrust.org): General technical topics with Cello project. | ||
| * [Discord](https://discord.gg/hyperledger): Real-time online discussions. |
Contributor
There was a problem hiding this comment.
We are not using discord now. So better remove this line.
yeasy
approved these changes
Jul 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.