Merge pull request #50 from ianlewis/repo-template

Sync w/ upstream ianlewis/repo-template

Author: ianlewis

.textlintrc.yaml

@@ -21,39 +21,39 @@ rules:
   spelling:
     language: "en"
     skipPatterns:
-      - "Codecov" # Code coverage service
+      - "/\\bCodecov\\b/" # Code coverage service
 
-      - "CHANGELOG"
-      - "CODEOWNER"
-      - "CLA"
-      - "CLI"
-      - "CVSS"
-      - "DCO"
-      - "PR"
-      - "UI"
-      - "YAML"
-      - "Changelog"
-      - "CodeQL"
-      - "Dependabot"
-      - "JavaScript"
-      - "MacOS"
-      - "Makefile"
-      - "Node.js"
-      - "OpenSSF"
-      - "TODO"
-      - "e2e"
-      - "/[Ff]ormatter/"
-      - "/[Ll]inter/"
-      - "/[Pp]re/"
-      - "/[Rr]ebase/"
-      - "/[Rr]eproducibility/"
-      - "/[Rr]uleset/"
-      - "/[Rr]untime/"
-      - "/[Ss]exualized/"
-      - "/[Ss]ocio-economic/"
-      - "/[Uu]serspace/"
-      - "/[Vv]endored/"
-      - "/[Vv]irtualenv/"
-      - "/v[0-9]+/"
-      - "/[0-9]+/"
+      - "/\\bCHANGELOG\\b/g"
+      - "/\\bCODEOWNER\\b/g"
+      - "/\\bCLA\\b/g"
+      - "/\\bCLI\\b/g"
+      - "/\\bCVSS\\b/g"
+      - "/\\bDCO\\b/g"
+      - "/\\bPRs?\\b/g"
+      - "/\\bUI\\b/g"
+      - "/\\bYAML\\b/g"
+      - "/\\bChangelog\\b/g"
+      - "/\\bCodeQL\\b/g"
+      - "/\\bDependabot\\b/g"
+      - "/\\bJavaScript\\b/g"
+      - "/\\bMacOS\\b/g"
+      - "/\\bMakefile\\b/g"
+      - "/\\bNode.js\\b/g"
+      - "/\\bOpenSSF\\b/g"
+      - "/\\bTODOs?\\b/g"
+      - "/\\be2e\\b/g"
+      - "/\\b[Ff]ormatters?\\b/g"
+      - "/\\b[Ll]inters?\\b/g"
+      - "/\\b[Pp]ositivity\\b/g"
+      - "/\\b[Pp]re\\b/g"
+      - "/\\b[Rr]ebase\\b/g"
+      - "/\\b[Rr]eproducibility\\b/g"
+      - "/\\b[Rr]ulesets?\\b/g"
+      - "/\\b[Rr]untimes?\\b/g"
+      - "/\\b[Ss]exualized\\b/g"
+      - "/\\b[Ss]ocio-economic\\b/g"
+      - "/\\b[Uu]serspace\\b/g"
+      - "/\\b[Vv]endored\\b/g"
+      - "/\\b[Vv]irtualenv\\b/g"
+      - "/\\bv?[0-9]+\\b/g"
       - ":white_check_mark:"

Makefile

@@ -409,7 +409,13 @@ format-check: ## Check that files are properly formatted.
 	exit_code=0; \
 	if [ -n "$$(git diff)" ]; then \
 		>&2 echo "Some files need to be formatted. Please run 'make format' and try again."; \
+		if [ "$(OUTPUT_FORMAT)" == "github" ]; then \
+			echo "::group::git diff"; \
+		fi; \
 		git --no-pager diff; \
+		if [ "$(OUTPUT_FORMAT)" == "github" ]; then \
+			echo "::endgroup::"; \
+		fi; \
 		exit_code=1; \
 	fi; \
 	git restore .; \

SECURITY.md

@@ -7,7 +7,7 @@ This document describes the security policy that applies to this repository.
 Security updates for this repository will be applied the most recent major
 version and its minor versions.
 
-For example if 2.2.0 is the latest version:
+For example, if 2.2.0 is the latest version:
 
 | Version | Supported          |
 | ------- | ------------------ |
@@ -17,7 +17,7 @@ For example if 2.2.0 is the latest version:
 | < 2.0.0 | :x:                |
 
 However, if the repository has not made a stable release (e.g. the latest
-release is < v1.0.0) then only the most latest minor version will be patched.
+release is < v1.0.0) then only the latest minor version will be patched.
 
 ## Security Release & Disclosure Process
 
@@ -46,25 +46,25 @@ It is reasonable to delay disclosure when the bug or the fix is not yet fully
 understood, the solution is not well-tested, or for vendor coordination. The
 time frame for disclosure is from immediate (especially if it's already publicly
 known) to several weeks. For a vulnerability with a straightforward mitigation,
-we expect report date to disclosure date to be on the order of 14 days.
+we expect the report date to disclosure date to be on the order of 14 days.
 
 If you know of a publicly disclosed security vulnerability please IMMEDIATELY
 [report the vulnerability](#reporting-a-vulnerability) so that the patch,
 release, and communication process can be started as early as possible.
 
-If the reporter does not go through the private disclosure process, the fix and
+If the reporter does not go through the private disclosure process, the fix, and
 release process will proceed as swiftly as possible. In extreme cases you can
 ask GitHub to delete the issue but this generally isn't necessary and is
 unlikely to make a public disclosure less damaging.
 
 ### Security Releases
 
-Once a fix is available it will be released, the GitHub Security Advisory made
-public and announced via project communication channels. Security releases
-will clearly marked as a security release and include information on which
-vulnerabilities were fixed. As much as possible this announcement should be
-actionable, and include any mitigating steps users can take prior to upgrading
-to a fixed version.
+Once a fix is available, it will be released, the GitHub Security Advisory made
+public, and the fix release announced via project communication channels.
+Security releases will be clearly marked as a security release and include
+information on which vulnerabilities were fixed. As much as possible this
+announcement should be actionable, and include any mitigating steps users can
+take prior to upgrading to a fixed version.
 
 Fixes will be applied in patch releases to all [supported
 versions](#supported-versions) and all fixed vulnerabilities will be noted in
@@ -79,7 +79,7 @@ Vulnerability severity is evaluated on a case-by-case basis, guided by [CVSS
 
 We aim to reduce the number of security issues through several general
 security-conscious development practices including the use of unit-tests,
-end-to-end (e2e) tests, static and dynamic analysis tools, and use of
+end-to-end (e2e) tests, static, and dynamic analysis tools, and use of
 memory-safe languages.
 
 We aim to fix issues discovered by analysis tools as quickly as possible. We

renovate.json5

@@ -22,7 +22,9 @@
   // NOTE: Set the prHourlyLimit to 0 to disable the hourly limit. This is done
   // because we are using a monthly schedule and the default hourly limit of 2
   // would cause Renovate to only create 2 PRs every month.
+  // Similarly set prConcurrentLimit to 0 to disable the concurrent PR limit.
   prHourlyLimit: 0,
+  prConcurrentLimit: 0,
 
   // Security alerts/updates.
   vulnerabilityAlerts: {