Merge pull request #30 from oliviacarlisle/dev

Update workflows

.github/workflows/ci.yml

@@ -2,19 +2,23 @@ name: CI - Run Tests
 
 on:
   pull_request:
-    branches: [main] # Adjust this if your main branch has a different name
+    branches: [main]
 
 jobs:
   test:
+    name: test (Node ${{ matrix.node-version }})
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18, 20, 22]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - name: Use Node.js
-        uses: actions/setup-node@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
         with:
-          node-version: '20' # Specify the Node.js version you're using
+          node-version: ${{ matrix.node-version }}
 
       - name: Install dependencies
         run: npm ci

.github/workflows/codecov.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   test:
-    name: Run tests and collect coverage
+    name: code coverage
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

.github/workflows/npm-publish.yml

@@ -9,8 +9,8 @@ jobs:
     runs-on: ubuntu-latest
     environment: production
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 20.x
           registry-url: 'https://registry.npmjs.org'

README.md

@@ -6,7 +6,8 @@
 [![codecov](https://codecov.io/gh/oliviacarlisle/dslib-core/graph/badge.svg?token=SVPFWK8OW9)](https://codecov.io/gh/oliviacarlisle/dslib-core)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![install size](https://packagephobia.com/badge?p=dslib-core)](https://packagephobia.com/result?p=dslib-core)
-![npm package minimized gzipped size](https://img.shields.io/bundlejs/size/dslib-core)
+[![npm package minified size](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fdeno.bundlejs.com%2F%3Fq%3Ddslib-core&query=size.uncompressedSize&label=minified%20size)](https://bundlejs.com/?q=dslib-core)
+[![npm package minified gzipped size](https://img.shields.io/bundlejs/size/dslib-core)](https://bundlejs.com/?q=dslib-core)
 
 A robust and efficient data structures library.
 

SECURITY.md

@@ -0,0 +1,55 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+We take the security of our project seriously. If you believe you have found a security vulnerability, please report it through GitHub's Security tab:
+
+1. Go to our repository's Security tab
+2. Click "Report a vulnerability"
+3. Fill out the form with:
+   - A description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact
+   - Suggested fix (if any)
+
+For more information on reporting security vulnerabilities through GitHub, visit: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
+
+### What to Expect
+
+- We will acknowledge receipt of your report within 48 hours
+- We will provide a more detailed response within 7 days
+- We will work on fixing the issue and keep you informed of our progress
+- Once the issue is resolved, we will publish a security advisory
+
+## Security Update Policy
+
+- Security updates will be released as soon as possible after a vulnerability is confirmed
+- Legacy versions will receive security updates for [X] months after release
+- Updates will be clearly marked in our changelog
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+
+## Best Practices
+
+We recommend users:
+
+- Keep dependencies up to date
+- Use the latest stable version
+- Enable security alerts in GitHub
+- Regularly audit dependencies using `npm audit` or similar tools
+
+## Disclosure Policy
+
+- We follow responsible disclosure practices
+- Vulnerabilities will be announced 7 days after a fix is released
+- Critical vulnerabilities may be announced sooner depending on potential impact
+
+## Security-Related Configuration
+
+- Enable security features in your implementation
+- Follow our security configuration guide in the documentation
+- Use environment variables for sensitive information