Release for Mainnet compatibility (#82)

* Feature/ci * made a docker image * ignore yarn * get rid of .yarn from commit * lock changed * docker compose * azure devops ci Co-authored-by: Thomas McDonald <[email protected]> * Point Creditcoin Test to updated subscan domain * Run CI jobs on PRs for dev * Don't automatically close PRs as stale * Fix height of the Recent Payouts widget * Distinguish era 0 from era data unsynced * Make `isPlaceholder` mandatory * Remove broken subscan button from overview page * Remove unused import * Hide the "Mainnet" entry from the networks list to prevent tester (#12) confusion Co-authored-by: Ada <> * Set TestNet as default * Change text color on buttons from white to black (#14) * Remove default filter excludes; Add community entry for Gluwa (#15) * Make linter happy (#16) * Remove Active Pools from Overview page (#17) Co-authored-by: Ada <> * Remove exclusion filters for validator selection methods (#18) * Updated colors for Test and Dev networks (#19) * Fix: Adjust fontSize, some colors / change the font-family, some svg (#20) * Fix: Add paddingBottom to Balance section in Overview * Fix incosistent filter behavior in validator list; Fix duplicates when autogenerating validator list * Fix support email in Gluwa Validator Identity * [SS-170] Adjust margins on Nominate pages * [SS-172] Change the title font-size on the Details page * [SS-169] The color of text should be black with the background color of the button is #9CFFAA * Remove Add Parachain Validator button * Remove controller account deprecation warning * Remove references to pools, ledger, and polkadot vault * Resolve CSUB-581; Rebased on CSUB-580; Remove Locale Validation from CI' * [SS-164] Remove h4 color setting * [SS-173] Set default color * [SS-173] Change default color setup * [SS-174] Guage color changed * [SS-173] Add support default address color * Remove pools announcements from overview page * Remove Devnet entry from Networks List * Update branding per marketing * prod build * Delete OldDockerfile * Remove staging dashboard URL, see https://community.creditcoin.org/t/testnet-staking-dashboard-gone/751 https://gluwa.slack.com/archives/C02H93W9LLT/p1688020056679919 * Create codeql.yml * Remove Dependabot auto-merge CI job * Enable Pre-commit CI * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Use telemetry.creditcoin.network instead of polkadot.io * Enable YAML check with Pre-commit CI * Update CI config b/c of invalid job definition validate-locales job has been removed in 7db5e488c611fc1db8a77f347b7bc7e89e16be3f and we can't depend on it * Bump typescript from 5.0.4 to 5.1.6 Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.0.4 to 5.1.6. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.0.4...v5.1.6) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump framer-motion from 10.12.16 to 10.12.18 Bumps [framer-motion](https://github.com/framer/motion) from 10.12.16 to 10.12.18. - [Changelog](https://github.com/framer/motion/blob/main/CHANGELOG.md) - [Commits](motiondivision/motion@v10.12.16...v10.12.18) --- updated-dependencies: - dependency-name: framer-motion dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump vite-bundle-visualizer from 0.7.0 to 0.8.0 Bumps [vite-bundle-visualizer](https://github.com/KusStar/vite-bundle-visualizer) from 0.7.0 to 0.8.0. - [Commits](KusStar/vite-bundle-visualizer@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: vite-bundle-visualizer dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump vite-plugin-checker from 0.6.0 to 0.6.1 Bumps [vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/fi3ework/vite-plugin-checker/releases) - [Changelog](https://github.com/fi3ework/vite-plugin-checker/blob/main/CHANGELOG.md) - [Commits](https://github.com/fi3ework/vite-plugin-checker/compare/[email protected]@0.6.1) --- updated-dependencies: - dependency-name: vite-plugin-checker dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump @substrate/connect from 0.7.26 to 0.7.30 Bumps [@substrate/connect](https://github.com/paritytech/substrate-connect) from 0.7.26 to 0.7.30. - [Changelog](https://github.com/paritytech/substrate-connect/blob/main/DEPLOY-RELEASE.md) - [Commits](https://github.com/paritytech/substrate-connect/commits) --- updated-dependencies: - dependency-name: "@substrate/connect" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump @polkadot/util from 12.2.1 to 12.3.2 Bumps [@polkadot/util](https://github.com/polkadot-js/common/tree/HEAD/packages/util) from 12.2.1 to 12.3.2. - [Release notes](https://github.com/polkadot-js/common/releases) - [Changelog](https://github.com/polkadot-js/common/blob/master/CHANGELOG.md) - [Commits](https://github.com/polkadot-js/common/commits/v12.3.2/packages/util) --- updated-dependencies: - dependency-name: "@polkadot/util" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump i18next-browser-languagedetector from 7.0.2 to 7.1.0 Bumps [i18next-browser-languagedetector](https://github.com/i18next/i18next-browser-languageDetector) from 7.0.2 to 7.1.0. - [Changelog](https://github.com/i18next/i18next-browser-languageDetector/blob/master/CHANGELOG.md) - [Commits](i18next/i18next-browser-languageDetector@v7.0.2...v7.1.0) --- updated-dependencies: - dependency-name: i18next-browser-languagedetector dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump @polkadot/react-identicon from 3.4.1 to 3.5.1 Bumps [@polkadot/react-identicon](https://github.com/polkadot-js/ui/tree/HEAD/packages/react-identicon) from 3.4.1 to 3.5.1. - [Release notes](https://github.com/polkadot-js/ui/releases) - [Changelog](https://github.com/polkadot-js/ui/blob/master/CHANGELOG.md) - [Commits](https://github.com/polkadot-js/ui/commits/v3.5.1/packages/react-identicon) --- updated-dependencies: - dependency-name: "@polkadot/react-identicon" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Reduce the frequency of Dependabot and don't jump to major versions * Enable MegaLinter * Apply eslint --fix to files outside src/ * Disable react/jsx-curly-brace-presence rule b/c it breaks builds with this rule enabled we get /home/runner/work/creditcoin-staking-dashboard/creditcoin-staking-dashboard/src/library/Headers/Connected.tsx Error: 54:23 error Curly braces are unnecessary here react/jsx-curly-brace-presence Error: 69:23 error Curly braces are unnecessary here react/jsx-curly-brace-presence and can't finish the build * Comment out unused variable. Disabled in c643b252f * Apply eslint --fix * removed light client option from network selection * updated src/library/Form/Unbond/UnbondFeedback.tsx to use the correct number of decimals in error messages * renaming incorrect branches * validator splits not correctly summing to total bonded amound in staking dashboard * Run yarn list in CI to dump the versions of installed packages for future reference * eslint: disable import/order rule because it produces lots of offences and fixing some of these offences conflicts with the import ordering expected by prettier! * Add a security policy * re-added code to handle nomination pool case updated NominationStatus.tsx to show the correct breakdown of bonded fund between validators * added reset function that clears local storage and does a hard reload of the window location when the error boundary is broken * Move subwallet to first position in connect menu; Update Subwallet icon * Uncomment mainnet entry * Update Mainnet entry to loadbalanced url * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Thomas McDonald <[email protected]> Co-authored-by: Ada <> Co-authored-by: Alex Todorov <[email protected]> Co-authored-by: Ada <unknown> Co-authored-by: Nathan Whitaker <[email protected]> Co-authored-by: Nathan Whitaker <[email protected]> Co-authored-by: nbass3 <[email protected]> Co-authored-by: Hyeonggook Lee <[email protected]> Co-authored-by: Ada Anderson <[email protected]> Co-authored-by: David Lebee <[email protected]> Co-authored-by: Alexander Todorov <[email protected]> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zachary Frederick <[email protected]> Co-authored-by: Zach Frederick <[email protected]>
gluwa · Nov 30, 2023 · a57acc6 · a57acc6
1 parent 54eb289
commit a57acc6
Show file tree

Hide file tree

Showing 49 changed files with 1,153 additions and 699 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,3 @@
 .yarn
 node_modules
-package-lock.json
+package-lock.json
diff --git a/.env b/.env
@@ -14,4 +14,4 @@
 # VITE_DISCLAIMER_URL=https://parity.io/disclaimer/
 
 # Provide a legal disclosure url in the network bar.
-# VITE_LEGAL_DISCLOSURES_URL=https://polkadot.network/legal-disclosures/
+# VITE_LEGAL_DISCLOSURES_URL=https://polkadot.network/legal-disclosures/
diff --git a/.eslintignore b/.eslintignore
@@ -20,4 +20,4 @@ dist
 build
 vite.config.ts
 public/lottie/player.js
-CHANGELOG.md
+CHANGELOG.md
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -31,12 +31,14 @@
   "rules": {
     // NOTE: These rules are being reviewed and comments justifying their deactivation will be
     // added.
+    "import/order": "off",
     "react/require-default-props": "off",
     "jsx-a11y/control-has-associated-label": "off",
     "react/no-access-state-in-setstate": "off",
     "react/destructuring-assignment": "off",
     "react/function-component-definition": "off",
     "react/jsx-no-constructed-context-values": "off",
+    "react/jsx-curly-brace-presence": "off",
     "react/no-array-index-key": "off",
     "react/react-in-jsx-scope": "off",
     "react/jsx-props-no-spreading": "off",

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,9 +4,12 @@ updates:
   - package-ecosystem: npm
     directory: '/'
     schedule:
-      interval: daily
+      interval: monthly
+    ignore:
+      - dependency-name: '*'
+        update-types: ['version-update:semver-patch']
     open-pull-requests-limit: 10
   - package-ecosystem: github-actions
     directory: '/'
     schedule:
-      interval: daily
+      interval: monthly
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -25,13 +25,14 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
       - run: yarn install
+      - run: yarn list
       - run: yarn build
       - run: yarn lint
       - run: yarn test
 
   all:
     # This job ensures that all jobs above (now we have just build) are successful.
-    needs: [check-license-lines, build, validate-locales]
+    needs: [check-license-lines, build]
     runs-on: ubuntu-latest
     steps:
       - run: echo Success
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL'
+
+on:
+  push:
+    branches: ['dev']
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ['dev']
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript']
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+      # - run: |
+      #     echo "Run, Build Application using script"
+      #     ./location_of_script_within_repo/buildscript.sh
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: '/language:${{matrix.language}}'
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -0,0 +1,81 @@
+---
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+name: MegaLinter
+
+on:
+  pull_request:
+    branches: [dev]
+
+permissions: read-all
+
+env: # Comment env block if you do not want to apply fixes
+  # Apply linter fixes configuration
+  APPLY_FIXES: none # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
+  APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
+  APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request)
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
+
+      # MegaLinter
+      - name: MegaLinter
+        id: ml
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.io/flavors/
+        uses: oxsecurity/megalinter/flavors/javascript@v6
+        env:
+          # All available variables are described at https://megalinter.io/configuration/
+          # and configured in .mega-linter.yml
+          VALIDATE_ALL_CODEBASE: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        if: ${{ success() }} || ${{ failure() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request if applicable (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        id: cpr
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: '[MegaLinter] Apply linters automatic fixes'
+          title: '[MegaLinter] Apply linters automatic fixes'
+          labels: bot
+      - name: Create PR output
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/dev' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        run: sudo chown -Rc $UID .git/
+      - name: Commit and push applied linter fixes
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/dev' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+          commit_message: '[MegaLinter] Apply linters fixes'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,12 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args: [--fix=lf]
+      - id: trailing-whitespace
diff --git a/.prettierignore b/.prettierignore
@@ -7,4 +7,4 @@
 **/tsconfig.json
 dist
 src/img/**/*
-public/lottie/player.js
+public/lottie/player.js
diff --git a/Dockerfile b/Dockerfile
@@ -1,24 +1,15 @@
-FROM node:18
+# build environment
+FROM node:18 as build
 WORKDIR /app
 COPY . .
-# RUN mkdir /root/.ssh
-# ADD ./.ssh/ /root/.ssh
-# RUN chown node:node /app package.json yarn.lock
-# USER node
-# RUN useradd nodeUser
-# RUN su - nodeUser
-# RUN mkdir ~/.ssh/
-# RUN cd ~/.ssh && ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
-
 RUN npm install yarn --legacy-peer-deps
-
-# RUN touch ~/.ssh/known_hosts
-# RUN ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
-# RUN eval $(ssh-agent)
-
 RUN git config --global url."https://github.com/".insteadOf [email protected]:
 RUN git config --global url."https://".insteadOf ssh://git
-
-RUN yarn install 
-CMD ["yarn", "dev"]
-EXPOSE 5173
+RUN yarn install
+RUN yarn build
+
+# production environment
+FROM nginx:1.16.0-alpine
+COPY --from=build /app/build /usr/share/nginx/html
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/README.md b/README.md
@@ -2,15 +2,10 @@
 
 # Creditcoin Staking Dashboard
 
-#### Staging (Latest Version):
-
-https://staking-dashboard-test-app.azurewebsites.net
-
 #### Production:
 
 https://staking.creditcoin.org
 
-
 ## Validator Operator Setup Guide
 
 Validator operators can add their contact information, icon, and which validators they operate, to the dashboard’s Community section. The Community feature is designed to give non-biased exposure to validator operators, and to host a fully-featured validator browser just for that operator's validators.
@@ -68,7 +63,7 @@ export const ValidatorCommunity = [
 ### General Requirements
 
 | Requirement | Notes                                                                                                                                                                                             |
-| ----------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | Accuracy    | Operator contact details must be working and valid.                                                                                                                                               |
 | Liveness    | All submitted validator addresses must be discoverable as a validator on the network in question - whether Mainnet or Testnet.                                                                    |
 | Ordering    | Please place your operator in alphabetical order within `ValidatorCommunity`. Operators are shuffled before being displayed in the dashboard, removing any bias associated with ordering methods. |

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,35 @@
+# Security Policy
+
+## Reporting a Security Concern
+
+**DO NOT CREATE AN ISSUE** to report a security problem.
+
+Go to [https://github.com/gluwa/creditcoin-staking-dashboard/security/advisories/new](https://github.com/gluwa/creditcoin-staking-dashboard/security/advisories/new) and open a vulnerability report. Send an email to [[email protected]](mailto:[email protected]) and provide your GitHub username. The team will triage the issue from there.
+
+For security reasons, DO NOT include attachments or provide detail sufficient for exploitation regarding the security issue in this email. Instead, wait for the advisory to be created, and **provide any sensitive details in the private GitHub advisory**.
+
+If you haven't done so already, please **enable two-factor authentication** in your GitHub account.
+
+Send the email from an email domain that is less likely to get flagged for spam by Gmail.
+
+This is an actively monitored account, and the team will quickly respond.
+
+If you do not receive a response within 24 hours, please directly follow up with the team in [Discord](https://discord.gg/creditcoin) by reaching out to anyone with the role “Creditcoin Team”.
+
+As above, please DO NOT include attachments or provide detail regarding the security issue in this email.
+
+## Incident Response Process
+
+1. Establish a new draft security advisory
+    1. In response to an email to [[email protected]](mailto:[email protected]), a member of the Creditcoin team will create a new draft security advisory for the incident at [https://github.com/gluwa/creditcoin-staking-dashboard/security/advisories](https://github.com/gluwa/creditcoin-staking-dashboard/security/advisories).
+    2. Add the reporter's GitHub account and relevant individuals to the draft security advisory.
+    3. Respond to the reporter by email, sharing a link to the draft security advisory.
+2. Reporter should add appropriate content to the draft security advisory to help the team resolve the issue. This includes:
+    1. A clear description of the issue and the impacted areas.
+    2. The code and the methodology to reproduce the underlying issue.
+    3. Discussion of potential remediations.
+3. Triage
+    1. Validate the issue.
+    2. Determine the criticality of the issue.
+    3. If this is a bug and not a security issue, recommend to the submitter to create an issue.
+4. Release a new version resolving the issue