react-scheduler/react-big-schedule

View on GitHub
SECURITY.md

Summary

Maintainability
Test Coverage
# Security Policy

### Reporting Security Vulnerabilities
We take the security of react-big-schedule seriously. If you believe you have found a security vulnerability, please submit a private issue on our GitHub repository. We will review and address it promptly.

### Supported Versions:

| Version |    Supported |
| --------| --------- |
| 4.4.3 or grater     | :white_check_mark: |
| 4.4.1    | :white_check_mark: |
| rest all | :x: |

Please note that only the latest version of react-big-schedule will receive security updates. It is highly recommended to keep your dependencies up to date.

### Vulnerability Reporting Process

If you discover a security vulnerability in react-big-schedule, please follow these steps to report it:

1. Submit a detailed private issue on our GitHub repository with the following information:
   - A clear description of the vulnerability and how it can be exploited.
   - Steps to reproduce the vulnerability.
   - Any relevant technical details, including code snippets if applicable.
2. Our team will review the vulnerability report and respond as soon as possible.
3. Once the vulnerability is confirmed, we will work on fixing it and providing a timeline for the release of a patched version.
4. We will keep you informed about the progress and steps taken to address the vulnerability.

### Security Updates

We are committed to addressing security vulnerabilities promptly and releasing updates in a timely manner. The following steps are taken for security updates:

1. When a security vulnerability is reported and confirmed, our team will prioritize addressing the issue.
2. A fix will be developed and thoroughly tested.
3. A new version will be released, including the security fix.
4. An announcement will be made on our GitHub repository, detailing the security vulnerability and the fixed version.
5. It is recommended to update to the latest version to ensure your application remains secure.

### Dependencies
react-big-schedule relies on the following third-party dependencies:

- @ant-design/icons
- antd
- dayjs
- prop-types
- react
- react-dnd
- react-dnd-html5-backend
- react-dom
- rrule

We strive to keep these dependencies up to date and monitor them for security vulnerabilities. However, it is recommended to review and monitor the dependencies in your own projects for any potential security issues.

### Security Policy Changes
This security policy is subject to change and may be updated or modified based on the needs of the project or in response to security concerns. Any changes made to the security policy will be documented and communicated through our GitHub repository.