
chore: add SECURITY.md + swap chartboost/ruff-action for astral-sh/ruff-action #278

Merged
noahho merged 3 commits into main from chore/security-and-pin on May 18, 2026

Conversation

@noahho (Collaborator) commented May 15, 2026

Summary

  • Add SECURITY.md pointing reports to security@priorlabs.ai.
  • Replace chartboost/ruff-action@v1 with astral-sh/ruff-action@4919ec5 (v3, SHA-pinned). chartboost stopped maintaining their fork; astral-sh is the canonical maintained one and is API-compatible (src:, version:, args:).

🤖 Generated with Claude Code

- Add SECURITY.md pointing reports to security@priorlabs.ai.
- Replace `chartboost/ruff-action@v1` with the official `astral-sh/ruff-action@v3`
  (SHA-pinned to 4919ec5). chartboost-the-company has stopped maintaining the
  fork; the astral-sh action is the canonical maintained one and is API-compatible
  for our use (`src:`, `version:`, `args:`).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
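The pinning step in the description above is worth checking mechanically across every workflow in a repository. What follows is an added example, not code from this PR or the project: a small Python checker that pulls `uses:` references out of workflow YAML and reports any not pinned to a full 40-character commit SHA, since a tag such as `@v1` can be moved by the action's owner, and a 7-character short hash like the `4919ec5` quoted above is not the full-length form GitHub's hardening guidance recommends. The sample workflow is constructed; its 40-zero SHA is a placeholder, not the real commit.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA."""
import re
from typing import List, Tuple

# Matches `uses: owner/repo[/path]@ref`; local (`./`) and `docker://` uses have no
# `@ref` in this form and are skipped. Regex instead of a YAML library so it runs
# without dependencies.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@(\S+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")


def classify_ref(ref: str) -> str:
    """'sha' for a full 40-hex pin, 'short-sha' for a truncated hash, otherwise
    'mutable' (a tag or branch that the upstream owner can move)."""
    if FULL_SHA_RE.match(ref):
        return "sha"
    if SHORT_SHA_RE.match(ref):
        return "short-sha"
    return "mutable"


def find_unpinned(workflow_text: str) -> List[Tuple[str, str, str]]:
    """Return (action, ref, kind) for every `uses:` that is not a full-SHA pin."""
    findings = []
    for action, ref in USES_RE.findall(workflow_text):
        kind = classify_ref(ref)
        if kind != "sha":
            findings.append((action, ref, kind))
    return findings


# Constructed sample: the pre-PR tag pin, the short SHA quoted in the PR
# description, and a placeholder full-length SHA (NOT the real astral-sh commit).
SAMPLE_WORKFLOW = """\
jobs:
  lint:
    steps:
      - uses: chartboost/ruff-action@v1
      - uses: astral-sh/ruff-action@4919ec5
      - uses: astral-sh/ruff-action@0000000000000000000000000000000000000000  # v3 (placeholder)
"""

if __name__ == "__main__":
    for action, ref, kind in find_unpinned(SAMPLE_WORKFLOW):
        print(f"{kind:9s} {action}@{ref}")
```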
@noahho noahho requested a review from a team as a code owner May 15, 2026 21:29
@noahho noahho requested review from ggprior and removed request for a team May 15, 2026 21:29
@gemini-code-assist (Bot, Contributor) left a comment


Code Review

This pull request introduces a SECURITY.md file to establish a security policy and vulnerability reporting process. The feedback suggests improving the document by adding a 'Supported Versions' section and formatting the contact email as a clickable link for better usability.

noahho and others added 2 commits May 15, 2026 23:35

Per PR review: include an explicit Supported Versions policy. Stating
'most recent minor only' is honest about our actual maintenance posture
and avoids the misleading generic template (3.x/2.x) that the upstream
bot suggested verbatim.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Change 'Don't file public GitHub issues' to the more formal
'Please do not report security vulnerabilities via public GitHub
issues.' Matches the tone of the rest of the policy.
@noahho noahho requested review from brendan-priorlabs and removed request for ggprior May 15, 2026 21:53
@noahho noahho enabled auto-merge May 15, 2026 21:53
@noahho noahho added this pull request to the merge queue May 18, 2026
Merged via the queue into main with commit 2f5384f May 18, 2026
6 checks passed
@noahho noahho deleted the chore/security-and-pin branch May 18, 2026 10:39