From afdfed65b5a4ee30b681eb2318a87934ac242b77 Mon Sep 17 00:00:00 2001 From: Tack kee Date: Sun, 25 Jan 2026 11:15:43 +0700 Subject: [PATCH 01/12] Create SECURITY.md for security policy and reporting Added a security policy document outlining supported versions and vulnerability reporting. --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..034e84803 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From 3f535b4c36fcf6ae61609bb3a5fc28db31461ffb Mon Sep 17 00:00:00 2001 From: Tack kee Date: Tue, 27 Jan 2026 00:17:45 +0700 Subject: [PATCH 02/12] Potential fix for code scanning alert no. 1: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Tack kee --- .github/workflows/Release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index e890bb5a7..d5e4cf823 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -1,5 +1,8 @@ name: GitHub Release with APKs +permissions: + contents: write + on: workflow_dispatch: push: From 866b2f6b9d8fdc716f9a5fefd1219c079a150c85 Mon Sep 17 00:00:00 2001 
From: Tack kee Date: Tue, 27 Jan 2026 12:40:11 +0700 Subject: [PATCH 03/12] Potential fix for code scanning alert no. 2: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Tack kee --- .github/workflows/Build.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/Build.yaml b/.github/workflows/Build.yaml index 7e5a80eea..82be0b359 100644 --- a/.github/workflows/Build.yaml +++ b/.github/workflows/Build.yaml @@ -192,6 +192,9 @@ jobs: androidTest: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write timeout-minutes: 55 strategy: matrix: From 71ac2e89f84547a649079d2d9ed6bb2e682dd37f Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:04:13 +0700 Subject: [PATCH 04/12] Update LICENSE 233528480+PichaiTK@users.noreply.github.com Signed-off-by: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index d64569567..2a39a490c 100644 --- a/LICENSE +++ b/LICENSE @@ -187,7 +187,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright [yyyy] [name of copyright owner] + Copyright PichaiTK​ name of copyright owner Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. From 4c3c1c1fdbbfd91deb7a9193abf1662872bccf88 Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:05:53 +0700 Subject: [PATCH 05/12] Create LICENSE-Markdown.md 233528480+PichaiTK@users.noreply.github.com 
Signed-off-by: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> --- LICENSE-Markdown.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 LICENSE-Markdown.md diff --git a/LICENSE-Markdown.md b/LICENSE-Markdown.md new file mode 100644 index 000000000..639963626 --- /dev/null +++ b/LICENSE-Markdown.md 
@@ -0,0 +1,32 @@ +````markdown name=LICENSES.md +# Licenses included in this repository + +This repository includes multiple license texts to make it simple to pick and apply the license that suits your project and its components. + +Files provided: +- `LICENSE` — MIT License (recommended default). Short, permissive, widely used. +- `LICENSE.APACHE-2.0` — Apache License 2.0 (if you want patent grant and a few additional protections). +- `LICENSES.md` — this file (you are reading it). + +If you want to apply a single license to the entire repository, pick one of the files above and keep it as `LICENSE` at the repository root. The current default `LICENSE` file contains the MIT license and is assigned to the project by default. + +Recommended actions: +1. Choose one license (MIT or Apache-2.0) for the project. Remove extra license files if you do not plan to multi-license. +2. Add a short SPDX header to each source file (see `SPDX-HEADERS.txt` for examples). +3. If you accept contributions and want them under the project's license, include a CONTRIBUTING.md that states the contributor license expectations (Contributor License Agreement or DCO). +4. If you plan to dual-license, make that explicit in the repository README and each release. + +Notes about licenses: +- MIT is permissive: allows reuse with minimal obligations (must keep copyright & license). +- Apache-2.0 is permissive and includes an explicit patent grant and patent retaliation clause. +- GPL-3.0 (not included as a text file here) is copyleft (derivative works must be licensed under GPL-3.0). If you need GPL, add `COPYING` with the GPL-3.0 text. + +SPDX expressions: +- To mark the project as MIT: `SPDX-License-Identifier: MIT` +- For Apache 2.0: `SPDX-License-Identifier: Apache-2.0` + +If you want, I can: +- Replace the repository `LICENSE` with Apache-2.0 or GPL-3.0 in full. +- Add SPDX headers automatically to all TS/JS/PY files in the repo. 
+- Add a `CONTRIBUTING.md` describing contributor license terms (DCO / CLA). + From 2209c71150e3097fab9452c4284348f7092d1ad5 Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:11:35 +0700 Subject: [PATCH 06/12] Create License-mit.md 233528480+PichaiTK@users.noreply.github.com Signed-off-by: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> --- License-mit.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 License-mit.md diff --git a/License-mit.md b/License-mit.md new file mode 100644 index 000000000..1ea794efc --- /dev/null +++ b/License-mit.md @@ -0,0 +1,22 @@ +MIT License + +Copyright (c) 2026 Pichai​ ​Takengrach​ + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + From f1e731c3ef122e6e4608736a20b01c34d24f6188 Mon Sep 17 00:00:00 2001 
From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:33:58 +0700 Subject: [PATCH 07/12] Update LICENSE-Markdown.md --- LICENSE-Markdown.md | 1 + 1 file changed, 1 insertion(+) diff --git a/LICENSE-Markdown.md b/LICENSE-Markdown.md index 639963626..ac07d6c1d 100644 --- a/LICENSE-Markdown.md +++ b/LICENSE-Markdown.md @@ -30,3 +30,4 @@ If you want, I can: - Add SPDX headers automatically to all TS/JS/PY files in the repo. - Add a `CONTRIBUTING.md` describing contributor license terms (DCO / CLA). + From 075be45e148ee6303f4d089b885f891febdc5b68 Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:34:23 +0700 Subject: [PATCH 08/12] Update .github/workflows/Build.yaml --- .github/workflows/Build.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Build.yaml b/.github/workflows/Build.yaml index 40e77512d..011b75e0b 100644 --- a/.github/workflows/Build.yaml +++ b/.github/workflows/Build.yaml @@ -190,11 +190,12 @@ jobs: - name: Check badging run: ./gradlew :app:checkProdReleaseBadging - androidTest: - runs-on: ubuntu-latest +androidTest: +runs-on: ubuntu-latest permissions: contents: read pull-requests: write + timeout-minutes: 55 strategy: matrix: From a7cde365cafb23555a3f84abc5ebbcf8ed284551 Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:34:38 +0700 Subject: [PATCH 09/12] Update .github/workflows/Release.yml --- .github/workflows/Release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index d5e4cf823..86e80ddbd 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -3,6 +3,7 @@ name: GitHub Release with APKs permissions: contents: write + on: workflow_dispatch: push: From deb7f71e1b78700bc7f8cb30ffdda1ae65c9275d Mon Sep 17 00:00:00 2001 
From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:34:53 +0700 Subject: [PATCH 10/12] Update LICENSE --- LICENSE | 1 + 1 file changed, 1 insertion(+) diff --git a/LICENSE b/LICENSE index 2a39a490c..fc25a79ce 100644 --- a/LICENSE +++ b/LICENSE @@ -188,6 +188,7 @@ identification within third-party archives. Copyright PichaiTK​ name of copyright owner + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. From ea48fddd7b3d50a07657dd63332e4d327ae537c0 Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:35:34 +0700 Subject: [PATCH 11/12] Update License-mit.md --- License-mit.md | 1 + 1 file changed, 1 insertion(+) diff --git a/License-mit.md b/License-mit.md index 1ea794efc..a9877e369 100644 --- a/License-mit.md +++ b/License-mit.md @@ -20,3 +20,4 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + From 36f5b04220f67f65257436b6536f5e85fab62ab1 Mon Sep 17 00:00:00 2001 From: Pichai Takengrach <233528480+PichaiTK@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:35:52 +0700 Subject: [PATCH 12/12] Update SECURITY.md --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index 034e84803..c78238de6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -19,3 +19,4 @@ Use this section to tell people how to report a vulnerability. Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc. +
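Review bot: In [PATCH 01/12], SECURITY.md is committed as an unfilled template: both sections still read "Use this section to tell people ..." and "Reporting a Vulnerability" names no contact or channel, so a reporter has nowhere to send a finding. Replace the placeholder paragraphs with the actual reporting route (for example a private advisory form or a security mailbox), the expected response time, and what happens after acceptance or rejection. The version table (5.1.x, 5.0.x, 4.0.x, < 4.0) should also be checked against the releases this project really ships.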
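Review bot: In [PATCH 02/12], `permissions: contents: write` sits at the top level of Release.yml, so every job in the workflow receives a token that can write to the repository, not only the step that publishes the release. Since the workflow also runs on `push`, prefer a top-level `permissions: contents: read` and grant `contents: write` in a `permissions:` block on the single job that creates the release. That still satisfies the "Workflow does not contain permissions" alert while keeping the write scope as narrow as the release step needs.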
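Review bot: In [PATCH 03/12], the `androidTest` job is given `pull-requests: write`, but nothing in the hunk shows the job commenting on or labelling pull requests. If it only checks out code and runs tests, `contents: read` alone is enough and the write scope should be dropped. The block is also added to this one job only, so the jobs above it in Build.yaml (the one ending in "Check badging", for instance) still run with the repository default token; a top-level `permissions: contents: read` would cover all of them, with per-job additions only where a job demonstrably needs more.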
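Review bot: In [PATCH 04/12], the replacement line "Copyright PichaiTK name of copyright owner" is a half-filled placeholder: the year is dropped and the literal words "name of copyright owner" remain. The edited line also sits inside the license's own how-to-apply boilerplate (the context mentions the "printed page" of the copyright notice), which is part of the license text and is normally left verbatim. Restore `Copyright [yyyy] [name of copyright owner]` in LICENSE and put the project's actual copyright notice, with year and full name, in a NOTICE file or in source file headers. The commit subject also carries a stray noreply e-mail address that belongs only in the Signed-off-by trailer.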
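Review bot: In [PATCH 05/12], LICENSE-Markdown.md contradicts the repository it is added to and contains leftover generated text. It states that `LICENSE` holds the MIT license, while the LICENSE file touched elsewhere in this series is the Apache License 2.0; it refers to itself as `LICENSES.md` and points at `LICENSE.APACHE-2.0` and `SPDX-HEADERS.txt`, none of which this series adds. The first line, "````markdown name=LICENSES.md", is a code-fence opener that is never closed within the 32 added lines, so the whole file renders as a code block, and the closing "If you want, I can:" list is assistant chat output rather than project documentation. Either drop the file or rewrite it to describe the license files that actually exist, under its real file name, without the fence line and the offer list.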
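Review bot: In [PATCH 06/12], License-mit.md adds a full MIT grant next to a root LICENSE that is Apache 2.0, and nothing in the series says which terms govern the code. Downstream users and license scanners will see two conflicting grants. If the project is meant to stay under Apache 2.0, remove this file; if dual licensing is intended, state that explicitly in the README and use an SPDX expression such as `Apache-2.0 OR MIT`, and confirm that the copyright holder named on the MIT notice has the right to relicense all of the code.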
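Review bot: In [PATCH 08/12], the `androidTest:` and `runs-on: ubuntu-latest` lines are moved to column 0 while `permissions:`, `timeout-minutes:` and `strategy:` keep their old indentation, which breaks the YAML structure of Build.yaml. `androidTest` is no longer a key under `jobs:`, and the indented `permissions:` mapping following the scalar `runs-on: ubuntu-latest` will not parse, so the workflow fails to load and no build or test job runs on pull requests. Restore the original indentation (`androidTest:` one level under `jobs:`, `runs-on:` one level under that, aligned with `permissions:`) and drop the added blank line before `timeout-minutes: 55`. Running a workflow linter before pushing would catch this.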
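Review bot: [PATCH 07/12], [PATCH 09/12], [PATCH 10/12], [PATCH 11/12] and [PATCH 12/12] each add a single blank line and nothing else, under subjects such as "Update LICENSE" and "Update SECURITY.md" that suggest a content change. In 10/12 and 12/12 the blank line is appended while the underlying problems (the half-filled copyright line in LICENSE, the template text in SECURITY.md) stay untouched. Drop these five commits or squash them into the commits that introduce the files, so the history of the security-relevant files (workflow permissions, license, security policy) shows only changes with an effect.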