docs: add tidelift/security

2021-02-25 14:04:08 +00:00 · 2021-02-25 14:04:08 +00:00 · d710226d35
parent bbf40d242b
commit d710226d35
4 changed files with 19 additions and 5 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +1,3 @@
 github: casperdcl
 custom: https://caspersci.uk.to/donate
+tidelift: pypi/tqdm
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,8 +1,8 @@
 blank_issues_enabled: false
 contact_links:
-  - name: "FAQs and Known Issues"
+  - name: FAQs and Known Issues
    url: https://github.com/tqdm/tqdm/#faq-and-known-issues
-    about: "Frequently asked questions and known issues"
+    about: Frequently asked questions and known issues
  - name: "StackOverflow#tqdm"
    url: https://stackoverflow.com/questions/tagged/tqdm
    about: "Stack Overflow questions tagged #tqdm"
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version     | Supported          |
+| ----------- | ------------------ |
+| >= 4.11.2   | :white_check_mark: |
+| < 4.11.2    | :x:                |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -131,13 +131,12 @@ sanity-checking.

 The tqdm repository managers should:

- follow the [Semantic Versioning](https://semver.org/) convention
+- follow the [Semantic Versioning](https://semver.org) convention
 - take care of this (instead of users) to avoid PR conflicts
 solely due to the version file bumping

 Note: tools can be used to automate this process, such as
-[bumpversion](https://github.com/peritus/bumpversion) or
-[python-semanticversion](https://github.com/rbarrois/python-semanticversion/).
+[python-semanticversion](https://github.com/rbarrois/python-semanticversion).


 ## Checking setup.py