From 1977d50fdd436cffb15c8dccba7baa25674216a1 Mon Sep 17 00:00:00 2001 From: M Bussonnier Date: Fri, 24 May 2024 11:07:46 +0200 Subject: [PATCH 1/7] Update reporting guidelines. Now that Public GHSA opening is available on most repos, be clearer that those can be used directly. --- security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/security.md b/security.md index 7b547c53..f5fc7162 100644 --- a/security.md +++ b/security.md @@ -12,7 +12,11 @@ of security issues. ## Reporting vulnerabilities If you believe you've found a security vulnerability in a [Jupyter Subproject](https://jupyter.org/governance/list_of_subprojects.html), -please report it to [security@ipython.org](mailto:security@ipython.org). +you can either: + - Directly open a GitHub Security Advisory (GHSA) in the relevant repository + - report it to [security@ipython.org](mailto:security@ipython.org) if opening a GHSA is nto possible, or you are unsure + where it will belong. + If you prefer to encrypt your security reports, you can use [this PGP public key](assets/ipython_security.asc). From 6e20656b682b943c3ba09f85e0b5e343ae6ffeb5 Mon Sep 17 00:00:00 2001 From: M Bussonnier Date: Fri, 24 May 2024 02:23:00 -0700 Subject: [PATCH 2/7] Update security.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Michał Krassowski <5832902+krassowski@users.noreply.github.com> --- security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security.md b/security.md index f5fc7162..c3306678 100644 --- a/security.md +++ b/security.md 
@@ -14,7 +14,7 @@ of security issues. If you believe you've found a security vulnerability in a [Jupyter Subproject](https://jupyter.org/governance/list_of_subprojects.html), you can either: - Directly open a GitHub Security Advisory (GHSA) in the relevant repository - - report it to [security@ipython.org](mailto:security@ipython.org) if opening a GHSA is nto possible, or you are unsure + - report it to [security@ipython.org](mailto:security@ipython.org) if opening a GHSA is not possible, or you are unsure where it will belong. If you prefer to encrypt your security reports, From 25d24975b7a253d0e112f2c812dfd4d66d2fa53e Mon Sep 17 00:00:00 2001 From: M Bussonnier Date: Fri, 24 May 2024 02:32:31 -0700 Subject: [PATCH 3/7] Update security.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Michał Krassowski <5832902+krassowski@users.noreply.github.com> --- security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security.md b/security.md index c3306678..bd5fca53 100644 --- a/security.md +++ b/security.md @@ -13,7 +13,7 @@ of security issues. If you believe you've found a security vulnerability in a [Jupyter Subproject](https://jupyter.org/governance/list_of_subprojects.html), you can either: - - Directly open a GitHub Security Advisory (GHSA) in the relevant repository + - directly open a GitHub Security Advisory (GHSA) in the relevant repository - report it to [security@ipython.org](mailto:security@ipython.org) if opening a GHSA is not possible, or you are unsure where it will belong. From c5a4c5b295fb7e554e6e8e9a9853553aafd72952 Mon Sep 17 00:00:00 2001 From: M Bussonnier Date: Fri, 24 May 2024 11:42:50 +0200 Subject: [PATCH 4/7] ignore user profile check --- .github/workflows/validate.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d7ba634c..3172de40 100644 --- a/.github/workflows/validate.yml 
+++ b/.github/workflows/validate.yml @@ -85,7 +85,10 @@ jobs: --check-links-ignore ".github/images/netlify-preview.png" \ --check-links-ignore ".*help.medium.com.*" \ --check-links-ignore "https://twitter.com/.*" \ - --check-links-ignore "https://jupytercon.com" + --check-links-ignore "https://jupytercon.com" \ + # got 429 too many requests from GitHub when checking user's profile + # existence in about.html + --check-links-ignore "https://github.com/.*" lighthouse: From f0af0a1be44287711fcd8f84b127384b3f039038 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Krassowski?= <5832902+krassowski@users.noreply.github.com> Date: Sun, 26 May 2024 11:01:47 +0100 Subject: [PATCH 5/7] Fix the bash syntax for link ignore If comment follows a line break (`\`) the next line will be ignored. See https://stackoverflow.com/questions/9522631/how-to-put-a-line-comment-for-a-multi-line-command --- .github/workflows/validate.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3172de40..111bb7eb 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -86,9 +86,7 @@ jobs: --check-links-ignore ".*help.medium.com.*" \ --check-links-ignore "https://twitter.com/.*" \ --check-links-ignore "https://jupytercon.com" \ - # got 429 too many requests from GitHub when checking user's profile - # existence in about.html - --check-links-ignore "https://github.com/.*" + --check-links-ignore "https://github.com/[^/]+/?$" # 429 too many requests checking GitHub user profiles in about.html lighthouse: From dd08f74183052651e81124ac6c653b1940efc02b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Krassowski?= <5832902+krassowski@users.noreply.github.com> Date: Sun, 26 May 2024 11:15:25 +0100 Subject: [PATCH 6/7] Fix netapp link --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 719ad9a5..65112c3b 100644 
--- a/index.html +++ b/index.html @@ -213,7 +213,7 @@ - href: https://www.nasa.gov src: NASA.svg alt: NASA - - href: https://www.netapp.com/us/ + - href: https://www.netapp.com/ src: netapp.svg alt: NetApp - href: https://www.linkedin.com/company/nsite-llc/about/ From 6fde7527e10b0c5ed0473908ded5fc70aaa30e29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Krassowski?= <5832902+krassowski@users.noreply.github.com> Date: Sun, 26 May 2024 11:21:45 +0100 Subject: [PATCH 7/7] Ignore netapp.com link --- .github/workflows/validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 111bb7eb..363d114d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -86,6 +86,7 @@ jobs: --check-links-ignore ".*help.medium.com.*" \ --check-links-ignore "https://twitter.com/.*" \ --check-links-ignore "https://jupytercon.com" \ + --check-links-ignore "https://www.netapp.com" \ --check-links-ignore "https://github.com/[^/]+/?$" # 429 too many requests checking GitHub user profiles in about.html lighthouse:
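Review bot: In [PATCH 1/7], the new first bullet in security.md tells reporters to open a GHSA "in the relevant repository" but does not say that the report is submitted privately or where to start it, so a reporter unfamiliar with GHSA may file a public issue instead. Suggest naming the "Report a vulnerability" button on the repository's Security tab and stating that the report stays private until an advisory is published. The unchanged sentence about the PGP public key that follows the list now applies only to the e-mail option; consider moving it under that bullet.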
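Review bot: In [PATCH 4/7], the two `#` comment lines added after `--check-links-ignore "https://jupytercon.com" \` break the line continuation, so the new `--check-links-ignore "https://github.com/.*"` on the last added line is no longer an argument to the link-check command. Put the comment above the command or at the end of the final argument line. Separately, `https://github.com/.*` exempts every GitHub URL from checking, not only the user profiles in about.html that the comment names; narrow the pattern to profile URLs so that broken or repointed repository links are still caught.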
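Review bot: In [PATCH 5/7], the inline comment at the end of the `--check-links-ignore "https://github.com/[^/]+/?$"` line only works while that line stays last: an argument appended after it with a ` \` continuation would end up inside the comment. Consider moving the explanation above the command. The pattern `[^/]+/?$` also matches any single-segment GitHub path, not just user profiles, which is worth stating in the comment.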
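Review bot: In [PATCH 7/7], the added `--check-links-ignore "https://www.netapp.com" \` records no reason, unlike the GitHub entry below it, which notes the 429 responses. Add a short comment saying why the link is exempted, since the entry means the `https://www.netapp.com/` href corrected in [PATCH 6/7] is never validated and a later breakage of that link will go unnoticed.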