angular-fontawesome

Feature request (for docs): Security vulnerability policy

Open eric-simonton-sama opened this issue 2 years ago • 1 comments

Describe the problem you'd like to see solved or task you'd like to see made easier

We need to decide how frequently we need to upgrade Angular across teams at my company. We'd like to target once/year, which will keep us inside Angular's LTS for bugs & security vulnerabilities. However, 3rd party libraries like this one are also a consideration.

Can you shed any light on your plans/policy for version compatibility between this library and Angular versions, and when you would or would not release patches to support older versions of Angular that are still within LTS?

Is this in relation to an existing part of angular-fontawesome or something new?

Existing

What is 1 thing that we can do when building this feature that will guarantee that it is awesome?

Match Angular's LTS policy. Second best: have a clear policy so we can plan accordingly!

Why would other angular-fontawesome users care about this?

It could be relevant for any company when considering upgrade cadences

On a scale of 1 (sometime in the future) to 10 (absolutely right now), how soon would you recommend we make this feature?

Hopefully you can communicate the current state of things easily!

Feature request checklist

  • [X] This is a single feature (i.e. not a re-write of all of Font Awesome)
  • [X] The title starts with "Feature request: " and is followed by a clear feature name (Ex: Feature request: moar cowbell)
  • [X] I have searched for existing issues and to the best of my knowledge this is not a duplicate

eric-simonton-sama, Aug 10 '22 15:08

@eric-simonton-sama We generally aim to support the latest major Angular release shortly after it has been released. We don't have an LTS policy and only the latest version of angular-fontawesome is supported. Having said that, the scope of this library is pretty narrow, so the risk of discovering security vulnerabilities should be pretty low.

@robmadole Any thoughts on setting up the security policy? Is it something you have in other Font Awesome projects?

devoto13, Aug 11 '22 08:08

I'm going to close this issue as answered. At this point, angular-fontawesome is an open-source project primarily maintained by volunteers. Only the last version will receive patches on a best-effort basis as we don't have the capacity to offer LTS releases.

If you have any further concerns, I would suggest contacting Font Awesome (the company) at [email protected].

devoto13, Nov 12 '22 20:11