From 9940f2176c12a79cee72446141b7bf7bca89a881 Mon Sep 17 00:00:00 2001 From: Mary Nicholson Date: Fri, 24 Apr 2026 14:06:45 +0100 Subject: [PATCH 1/3] CAAS-3775: SECURITY.md --- SECURITY.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..7fcf165c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Security + +We take security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems or private data managed by our systems, please do not hesitate to contact us using the method outlined below. + +## Table of Contents + +- [Security](#security) + - [Table of Contents](#table-of-contents) + - [Reporting a vulnerability](#reporting-a-vulnerability) + - [General Security Enquiries](#general-security-enquiries) + +## Reporting a vulnerability + +If you believe you have found a security issue in this repository, please report it using GitHub's private vulnerability reporting: + +1. [Report a vulnerability](https://github.com/NHSDigital/software-engineering-quality-framework/security/advisories/new) +2. Provide details of the issue and steps to reproduce + +This creates a private channel for discussion and allows us to coordinate a fix before any public disclosure. + +## General Security Enquiries + +If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net) \ No newline at end of file From d422205d67c55460fd48eb95dd256ac9ec28cda1 Mon Sep 17 00:00:00 2001 From: Gabriel Pichiu Date: Fri, 24 Apr 2026 14:20:39 +0100 Subject: [PATCH 2/3] CAAS-3651: bump package.json version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 24be426e..d67b2e96 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@caas/transfer-artifact", - "version": "4.2.1", + "version": "4.3.0", "description": "Upload or download a build artifact that can be used by subsequent workflow steps", "main": "dist/index.js", "scripts": { From 5eef999c007f40d4334e2b1246e1d5ca6cdc372b Mon Sep 17 00:00:00 2001 From: Gabriel Pichiu Date: Fri, 24 Apr 2026 14:27:56 +0100 Subject: [PATCH 3/3] CAAS-3651: prettier fix --- SECURITY.md | 2 +- package-lock.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7fcf165c..d9879f16 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -20,4 +20,4 @@ This creates a private channel for discussion and allows us to coordinate a fix ## General Security Enquiries -If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net) \ No newline at end of file +If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net) diff --git a/package-lock.json b/package-lock.json index 69e4db2a..66cfa1ef 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@caas/transfer-artifact", - "version": "4.2.1", + "version": "4.3.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@caas/transfer-artifact", - "version": "4.2.1", + "version": "4.3.0", "license": "MIT", "dependencies": { "@actions/artifact": "^2.2.2",