Merge pull request #41 from Stassi/feature/reformat-readme-and-securi…

…ty-policy feature/reformat-readme-and-security-policy
Stassi · Oct 5, 2024 · 0594126 · 0594126
2 parents 0da3ebb + 1a26594
commit 0594126
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -1,13 +1,13 @@
 # leaf
 
-[![npm version](https://img.shields.io/npm/v/%40stassi%2Fleaf)](https://www.npmjs.com/package/@stassi/leaf)
-[![npm license](https://img.shields.io/npm/l/%40stassi%2Fleaf)](LICENSE)
-[![npm types](https://img.shields.io/npm/types/%40stassi%2Fleaf)](tsconfig.json)
-[![Node.js LTS versions](https://img.shields.io/node/v-lts/%40stassi%2Fleaf)](package.json)
-![GitHub repo size](https://img.shields.io/github/repo-size/Stassi/leaf)
-[![Snyk package health](https://snyk.io/advisor/npm-package/@stassi/leaf/badge.svg)](https://snyk.io/advisor/npm-package/@stassi/leaf)
-[![Continuous integration (CI)](https://github.com/Stassi/leaf/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/continuous-integration.yml)
-[![Continuous delivery (CD)](https://github.com/Stassi/leaf/actions/workflows/continuous-delivery.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/continuous-delivery.yml)
-[![Security](https://github.com/Stassi/leaf/actions/workflows/security.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/security.yml)
+[![The project's latest version published to the npm registry.](https://img.shields.io/npm/v/%40stassi%2Fleaf "npm latest version badge")](https://www.npmjs.com/package/@stassi/leaf)
+[![The license information for this project.](https://img.shields.io/npm/l/%40stassi%2Fleaf "npm license badge")](LICENSE)
+[![Indicates type definitions are included in the project.](https://img.shields.io/npm/types/%40stassi%2Fleaf "npm types badge")](tsconfig.json)
+[![Lists Node.js LTS versions supported by this package.](https://img.shields.io/node/v-lts/%40stassi%2Fleaf "Node.js LTS versions badge")](package.json)
+[![Displays the size of the project's GitHub repository in bytes.](https://img.shields.io/github/repo-size/Stassi/leaf "GitHub repository size badge")](#)
+[![Displays the Snyk Advisor package health score for this project.](https://snyk.io/advisor/npm-package/@stassi/leaf/badge.svg "Snyk Advisor package health badge")](https://snyk.io/advisor/npm-package/@stassi/leaf)
+[![Displays the status of the continuous integration (CI) workflow via GitHub Actions.](https://github.com/Stassi/leaf/actions/workflows/continuous-integration.yml/badge.svg "Continuous integration status badge")](https://github.com/Stassi/leaf/actions/workflows/continuous-integration.yml)
+[![Displays the status of continuous delivery (CD) workflow via GitHub Actions.](https://github.com/Stassi/leaf/actions/workflows/continuous-delivery.yml/badge.svg "Continuous delivery status badge")](https://github.com/Stassi/leaf/actions/workflows/continuous-delivery.yml)
+[![Displays the pass-fail status of the project's automated security scans via GitHub Actions.](https://github.com/Stassi/leaf/actions/workflows/security.yml/badge.svg "Automated security analysis status badge")](https://github.com/Stassi/leaf/actions/workflows/security.yml)
 
 Leaflet adapter.
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,7 +2,7 @@
 
 ## Updates
 
-[![npm version](https://img.shields.io/npm/v/%40stassi%2Fleaf)](https://www.npmjs.com/package/@stassi/leaf)
+[![The project's latest version published to the npm registry.](https://img.shields.io/npm/v/%40stassi%2Fleaf "npm latest version badge")](https://www.npmjs.com/package/@stassi/leaf)
 
 **Always use the latest version of `@stassi/leaf`** via the `npm update` command ([documentation](https://docs.npmjs.com/cli/v10/commands/npm-update)) to ensure the latest security updates are received.
 
@@ -16,7 +16,7 @@ If you discover a **potential vulnerability in the `@stassi/leaf` codebase**, pl
 
 ## Maintenance
 
-[![Security](https://github.com/Stassi/leaf/actions/workflows/security.yml/badge.svg)](https://github.com/Stassi/leaf/actions/workflows/security.yml)
+[![Displays the pass-fail status of the project's automated security scans via GitHub Actions.](https://github.com/Stassi/leaf/actions/workflows/security.yml/badge.svg "Automated security analysis status badge")](https://github.com/Stassi/leaf/actions/workflows/security.yml)
 
 Automated security scans are integrated into the [continuous delivery (CD)](https://en.wikipedia.org/wiki/Continuous_delivery) pipeline.
 
@@ -50,13 +50,15 @@ The following potential vulnerabilities were **resolved** after detection.
 - **CVSS (severity):** 8.3 (high)
 - **Advisory:** [GHSA-gcx4-mw62-g8wm](https://github.com/advisories/GHSA-gcx4-mw62-g8wm)
 - **CVE:** [CVE-2024-47068](https://nvd.nist.gov/vuln/detail/CVE-2024-47068)
-- **CWEs:** [CWE-79](https://cwe.mitre.org/data/definitions/79.html) (Cross-site scripting (XSS)), [CWE-116](https://cwe.mitre.org/data/definitions/116.html) (Improper encoding or escaping of output)
+- **CWEs:**
+  - **CWE-79**: [Cross-site scripting (XSS)](https://cwe.mitre.org/data/definitions/79.html)
+  - **CWE-116**: [Improper encoding or escaping of output](https://cwe.mitre.org/data/definitions/116.html)
 
 ### Regular expression denial of service (ReDoS) in `path-to-regexp`
 
 - **Detected by:** Dependabot & Snyk
 - **Vulnerable package:** [path-to-regexp](https://www.npmjs.com/package/path-to-regexp) (via [serve](https://www.npmjs.com/package/serve))
-- **Detection times:** September 24, 2024, at 19:48
+- **Detection times:**
   - **Dependabot**: 2024-09-24 19:48
   - **Snyk**: 2024-09-23 19:08
 - **Resolution time:** 2024-09-25 5:05
@@ -77,8 +79,10 @@ The following potential vulnerabilities were **resolved** after detection.
 - **Detection time:** 2024-09-24 16:03
 - **Resolution time:** 2024-10-04 03:17
 - **Resolution pull requests (PRs):**
-  - [#34](https://github.com/Stassi/leaf/pull/34) (feature/sanitize-leaflet)
-  - [#37](https://github.com/Stassi/leaf/pull/37) (feature/sanitize-tutorials-dom-xss)
+  - **#34**: [feature/sanitize-leaflet](https://github.com/Stassi/leaf/pull/34)
+  - **#37**: [feature/sanitize-tutorials-dom-xss](https://github.com/Stassi/leaf/pull/37)
 - **CVSS (severity):** 6.1 (medium)
 - **Advisory:** [CodeQL js/html-constructed-from-input](https://codeql.github.com/codeql-query-help/javascript/js-html-constructed-from-input/)
-- **CWEs:** [CWE-79](https://cwe.mitre.org/data/definitions/79.html) (Cross-site scripting (XSS)), [CWE-116](https://cwe.mitre.org/data/definitions/116.html) (Improper encoding or escaping of output)
+- **CWEs:**
+  - **CWE-79**: [Cross-site scripting (XSS)](https://cwe.mitre.org/data/definitions/79.html)
+  - **CWE-116**: [Improper encoding or escaping of output](https://cwe.mitre.org/data/definitions/116.html)
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@stassi/leaf",
-  "version": "0.0.40",
+  "version": "0.0.41",
   "description": "Leaflet adapter.",
   "keywords": [
     "cartography",