Merge pull request #139 from IgniteUI/sstoychev/community-insights

feat(*): adding/updating documents for community insights

Author: kdinev

.github/CONTRIBUTING.md

@@ -2,7 +2,8 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: ":bug: bug"
+type: Bug
+labels: ':bug: bug,:new: status: new'
 assignees: ''
 
 ---

.github/ISSUE_TEMPLATE/bug_report.md

@@ -2,7 +2,8 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: feature-request
+type: Feature
+labels: ':toolbox: feature-request,:new: status: new'
 assignees: ''
 
 ---

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,16 @@
+Closes #  
+
+### Additional information (check all that apply):
+ - [ ] Bug fix
+ - [ ] New functionality
+ - [ ] Documentation
+ - [ ] Demos
+ - [ ] CI/CD
+
+### Checklist:
+ - [ ] All relevant tags have been applied to this PR
+ - [ ] This PR includes general feature table updates in the root `README.MD`
+ - [ ] This PR includes `CHANGELOG.MD` updates for newly added functionality
+ - [ ] This PR contains breaking changes
+ - [ ] This PR includes behavioral changes and the feature specification has been updated with them
+ 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,27 +1,27 @@
-# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
-#
-# You can adjust the behavior by modifying this file.
-# For more information, see:
-# https://github.com/actions/stale
-name: Mark stale issues and pull requests
+name: Mark stale or close issues and pull requests
 
 on:
   schedule:
-  - cron: '37 10 * * *'
+  - cron: "0 0 * * *"
 
 jobs:
   stale:
-
     runs-on: ubuntu-latest
+
     permissions:
       issues: write
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@v10
       with:
+        days-before-issue-stale: 60
+        days-before-issue-close: 14
+        days-before-pr-close: -1
         repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-message: 'Stale issue message'
-        stale-pr-message: 'Stale pull request message'
-        stale-issue-label: 'no-issue-activity'
-        stale-pr-label: 'no-pr-activity'
+        stale-issue-message: 'There has been no recent activity and this issue has been marked inactive.'
+        stale-pr-message: 'There has been no recent activity and this PR has been marked inactive.'
+        stale-issue-label: 'status: inactive'
+        stale-pr-label: 'status: inactive'
+        close-issue-message: 'This issue was closed because it has been inactive for 14 days since being marked as stale.'
+

.github/workflows/stale.yml

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+IgniteUI@infragistics.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CODE_OF_CONDUCT.md

@@ -0,0 +1,87 @@
+# Security Policy
+
+This document describes how to report security vulnerabilities and which versions receive security updates.
+
+## Supported Versions
+
+We provide security fixes for supported releases according to the following guidance:
+
+| Version | Supported | Example
+| --- | --- | --- |
+| Latest release | ✅ | 19.5.0 |
+| Previous two feature releases | ✅ (critical fixes only) | 19.3.0, 19.4.0 |
+| Older releases | ❌ |
+
+If you are unsure whether your version is supported, please report the issue anyway and we will advise on next steps.
+
+## Reporting a Vulnerability
+
+Please **do not** open a public GitHub issue for security vulnerabilities.
+
+Instead, report privately using one of the following methods (preferred first):
+
+1. **GitHub Private Vulnerability Reporting (recommended)**
+	- Go to the repository's **Security** tab and use **Report a vulnerability**.
+
+2. **Email**
+	- Send details to: **igniteui@infragistics.com**
+
+3. **Support Case**
+    - If you are a registered Infragistics user, you can report the vulnerability through a support case at (https://account.infragistics.com/support-cases)
+
+If neither option is available, contact the maintainers privately. Only use the public issue tracker for **non-security** bugs.
+
+### What to include
+
+To help us triage quickly, include:
+
+- A clear description of the vulnerability and its impact
+- Steps to reproduce (proof-of-concept if possible)
+- Affected versions and/or commit hash
+- Any relevant logs or stack traces (sanitize secrets)
+- Your assessment of severity (optional)
+- Suggested fix or mitigation (optional)
+
+### Sensitive information
+
+- Do **not** include secrets, tokens, private keys, or real customer data.
+- If sensitive data is required to demonstrate the issue, redact it and describe the expected format.
+
+## Disclosure Process
+
+After receiving a report, we aim to follow this process:
+
+1. **Acknowledgement**: within **3 business days**
+2. **Triage** (severity assessment + scope): within **7 business days**
+3. **Fix development**: timeline depends on severity and complexity
+4. **Release**: we will publish a patch release and/or mitigation guidance
+5. **Advisory**: we may publish a GitHub Security Advisory (crediting reporters who want it)
+
+We may request additional information during triage.
+
+## Severity and Prioritization
+
+We prioritize issues using impact and exploitability, informed by CVSS where appropriate:
+
+- **Critical**: remote code execution, auth bypass, significant data exposure
+- **High**: privilege escalation, major DoS, sensitive info leaks
+- **Medium/Low**: limited impact, edge cases, or hard-to-exploit issues
+
+## Coordinated Vulnerability Disclosure
+
+We support coordinated disclosure and ask that you:
+
+- Give us a reasonable window to fix before public disclosure
+- Avoid exploiting the vulnerability beyond what is necessary to prove it exists
+- Avoid actions that degrade service availability or compromise user data
+
+## Security Updates
+
+Security fixes may be communicated via one or more of:
+
+- GitHub Security Advisories
+- Release notes / changelog
+
+## Acknowledgements
+
+We appreciate responsible disclosures. If you’d like public credit, tell us how you want to be acknowledged.