Merge pull request #3 from Nec0ti/master

Nec0ti · web-flow · commit f7523068c829 · 2025-03-05T18:02:28.000+03:00
aa
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,41 @@
+# LibrisAPI Security Policy
+
+At LibrisAPI, we are committed to maintaining the highest level of security for our users' data. This document outlines our security policies and how to report security vulnerabilities.
+
+## Supported Versions
+
+| Version | Support Status |
+| ------- | -------------- |
+| 1.x   | Supported   |
+| < 1.0   | Not Supported |
+
+Security updates will only be applied to supported versions.
+
+## Reporting Security Vulnerabilities
+
+If you discover a security vulnerability in LibrisAPI, please report it to us by following these steps:
+
+1.  **Description:** Prepare a detailed report that includes a description of the vulnerability, how to reproduce it, and the potential impact.
+2.  **Contact:** Send your report via email to [core@necoti.dev](mailto:core@necoti.dev). Please encrypt your email (e.g., using GPG) and include your public key.
+3.  **Confidentiality:** Avoid disclosing the vulnerability publicly. After contacting us, we will work together to resolve the issue and release the necessary updates.
+
+## Security Measures
+
+The following security measures are implemented in LibrisAPI:
+
+*   **Password Hashing:** User passwords are securely hashed using bcryptjs.
+*   **JWT (JSON Web Token) Authentication:** Authentication is performed securely using JWT.
+*   **Input Validation:** User inputs are validated to prevent potential security vulnerabilities.
+*   **HTTPS Usage:** Communication between the API and users is encrypted using the HTTPS protocol.
+*   **Dependency Updates:** All dependencies used in the project are regularly updated to patch security vulnerabilities.
+*   **Rate Limiting:** Request rates are limited to prevent abuse of the API.
+
+## Disclaimer
+
+LibrisAPI is provided "as is" and without any warranty. We are not responsible for any security breaches or data loss resulting from the use of this project.
+
+## Contact
+
+If you have any security-related questions or concerns, please contact us at [core@necoti.dev](mailto:core@necoti.dev).
+
+This core policy is continuously updated to ensure the core of LibrisAPI. Please check back regularly.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -8,13 +8,13 @@
     "dev": "nodemon server.js"
   },
   "dependencies": {
-    "bcryptjs": "^2.4.3",
+    "bcryptjs": "^3.0.2",
     "cors": "^2.8.5",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "express-rate-limit": "^7.5.0",
     "jsonwebtoken": "^9.0.2",
-    "mongoose": "^8.0.3"
+    "mongoose": "^8.12.1"
   },
   "devDependencies": {
     "nodemon": "^3.0.2"
