chore: add security hardening #482

Merged
nikosxenakis merged 1 commit into main from nikosxenakis/SDK-2664-security-hardening
Apr 14, 2026

@nikosxenakis commented Apr 14, 2026

Summary

  • Add SECURITY.md with DFINITY's vulnerability reporting policy and bug bounty program details
  • Add minimumReleaseAge: 10080 to pnpm-workspace.yaml to ignore dependency updates released less than 7 days ago

Context

Part of SDK-2664 security hardening across JS/TS repos.

Note: ignore-scripts=true is not added to .npmrc because this repo uses onlyBuiltDependencies in pnpm-workspace.yaml (which already restricts which packages can run install scripts). Adding ignore-scripts=true to .npmrc would override onlyBuiltDependencies and break @dfinity/pic's postinstall binary download.

@nikosxenakis requested a review from a team as a code owner April 14, 2026 13:47
@nikosxenakis force-pushed the nikosxenakis/SDK-2664-security-hardening branch from 3273173 to 5e4b673 April 14, 2026 13:59
@nikosxenakis force-pushed the nikosxenakis/SDK-2664-security-hardening branch from 5e4b673 to f54c6c9 April 14, 2026 14:10
@nikosxenakis merged commit b764a39 into main Apr 14, 2026
10 checks passed
@nikosxenakis deleted the nikosxenakis/SDK-2664-security-hardening branch April 14, 2026 14:16
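
What the `minimumReleaseAge: 10080` setting from the summary means for version selection, as an added example that is not code from this PR or from pnpm: it splits a package's published versions into those older than the cooldown and those still held back. The timestamps, the `NOW` value and the function names are constructed for illustration, and treating a version published exactly at the cutoff as eligible is an assumption.

```javascript
// Added illustration of a release-age cooldown filter; not pnpm's implementation.
const MINUTE_MS = 60 * 1000;

// Constructed sample, shaped like the `time` field of an npm registry packument.
const SAMPLE_TIME = {
  created: "2025-01-10T09:00:00.000Z",
  modified: "2026-04-13T08:30:00.000Z",
  "1.4.0": "2026-02-01T12:00:00.000Z",
  "1.4.1": "2026-04-06T13:00:00.000Z", // just over 7 days old at NOW
  "1.4.2": "2026-04-07T14:00:00.000Z", // 13 minutes short of 7 days at NOW
  "1.5.0": "2026-04-13T08:30:00.000Z",
};

// Numeric comparison for plain x.y.z versions (prereleases are out of scope here).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Split versions into those old enough to install and those held back.
// minimumReleaseAgeMinutes uses the same unit as the workspace setting.
function splitByReleaseAge(time, minimumReleaseAgeMinutes, now) {
  const cutoff = now.getTime() - minimumReleaseAgeMinutes * MINUTE_MS;
  const eligible = [];
  const held = [];
  for (const [version, published] of Object.entries(time)) {
    if (!/^\d+\.\d+\.\d+$/.test(version)) continue; // skips created/modified keys
    const ts = Date.parse(published);
    // A missing or unparseable timestamp fails closed: the version is held.
    if (Number.isNaN(ts) || ts > cutoff) held.push(version);
    else eligible.push(version);
  }
  eligible.sort(compareVersions);
  held.sort(compareVersions);
  return { eligible, held, newest: eligible[eligible.length - 1] ?? null };
}

// 10080 minutes = 7 days, the value set in pnpm-workspace.yaml by this PR.
const NOW = new Date("2026-04-14T13:47:00.000Z");
const result = splitByReleaseAge(SAMPLE_TIME, 10080, NOW);
console.log(result); // newest eligible version is 1.4.1; 1.4.2 and 1.5.0 are held
```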
2 participants