From 46f41995af149d7cd0a1d7eeb633f18fe5c55dfb Mon Sep 17 00:00:00 2001
From: Nicolas MARTEAU
Date: Wed, 7 Aug 2024 15:03:13 +0200
Subject: [PATCH] chore: add SECURITY.md and dependabot.yml
---
.github/Dockerfile | 11 -----------
.github/dependabot.yml | 21 +++++++++++++++++++++
SECURITY.md | 5 +++++
3 files changed, 26 insertions(+), 11 deletions(-)
delete mode 100644 .github/Dockerfile
create mode 100644 .github/dependabot.yml
create mode 100644 SECURITY.md
diff --git a/.github/Dockerfile b/.github/Dockerfile
deleted file mode 100644
index c16f8e8..0000000
--- a/.github/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-ARG PLATFORM
-
-FROM myunisoft91/heif-converter.$PLATFORM
-LABEL maintainer="Nicolas Marteau "
-
-WORKDIR heif-converter
-COPY . .
-RUN npm install --omit-optional
-RUN npm run configure -- --target=v18.12.0
-RUN npm run build -- --target=v18.12.0
-RUN npm run test
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..511b85c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+
+ - package-ecosystem: npm
+ directory: /
+ versioning-strategy: widen
+ schedule:
+ interval: weekly
+ groups:
+ dependencies:
+ dependency-type: "production"
+ development-dependencies:
+ dependency-type: "development"
\ No newline at end of file
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..c083455
--- /dev/null
+++ b/SECURITY.md
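Review bot: In `.github/dependabot.yml`, the npm entry sets `versioning-strategy: widen` without a comment, and the effect is easy to misread: as documented, widen extends the allowed range to cover both the old and the new version, so these PRs do not raise the minimum version and an install that resolves without a lockfile can still pick the older release. If that is intended for consumers of the package, say so next to the key, for example `# widen: keep the current range valid for consumers; the minimum version is not raised`. Both npm groups also omit `applies-to`, which as far as I know defaults to version updates, so security updates should still arrive as separate PRs; worth confirming that this is the intended split.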
@@ -0,0 +1,5 @@
+# Reporting Security Issues
+
+To report a security issue, please [publish a private security advisory](https://github.com/MyUnisoft/heif-converter/security/advisories) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+Our vulnerability management team will respond within one week. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
\ No newline at end of file