From 706ae1bf75b6aa34ef1a7ce5756afd3b9a099fe0 Mon Sep 17 00:00:00 2001
From: ispmng <97710330+ispmng@users.noreply.github.com>
Date: Fri, 14 Jan 2022 10:20:30 +0200
Subject: [PATCH 1/3] Create njsscan-analysis.yml

---
 .github/workflows/njsscan-analysis.yml | 35 ++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/njsscan-analysis.yml

diff --git a/.github/workflows/njsscan-analysis.yml b/.github/workflows/njsscan-analysis.yml
new file mode 100644
index 00000000..4e6905bf
--- /dev/null
+++ b/.github/workflows/njsscan-analysis.yml
@@ -0,0 +1,35 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow integrates njsscan with GitHub's Code Scanning feature
+# nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications
+
+name: njsscan sarif
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '15 7 * * 3'
+
+jobs:
+  njsscan:
+    runs-on: ubuntu-latest
+    name: njsscan code scanning
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v2
+    - name: nodejsscan scan
+      id: njsscan
+      uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
+      with:
+        args: '. --sarif --output results.sarif || true'
+    - name: Upload njsscan report
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: results.sarif

From 207fc562778aca06c00a9ae196192966bd400dd5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Jan 2022 08:21:06 +0000
Subject: [PATCH 2/3] Bump pillow from 7.2 to 9.0.0 in /__tests__/data

Bumps [pillow](https://github.com/python-pillow/Pillow) from 7.2 to 9.0.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/7.2.0...9.0.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 __tests__/data/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/__tests__/data/requirements.txt b/__tests__/data/requirements.txt
index fa40ab3c..4a132e32 100644
--- a/__tests__/data/requirements.txt
+++ b/__tests__/data/requirements.txt
@@ -30,7 +30,7 @@ pdf2image==1.12.1
 
 pefile==2021.9.3; python_full_version >= '3.6.0'
 
-pillow==7.2
+pillow==9.0.0
 
 pygments==2.6.1
 

From 32e118698c96b0169926f2ae94cb3036ef2567d5 Mon Sep 17 00:00:00 2001
From: ispmng <97710330+ispmng@users.noreply.github.com>
Date: Fri, 14 Jan 2022 10:27:04 +0200
Subject: [PATCH 3/3] Create SECURITY.md

---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..034e8480
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.