From 36f702c2ab6ae201c87013bdc32262707c573b47 Mon Sep 17 00:00:00 2001
From: Casper da Costa-Luis
Date: Thu, 25 Feb 2021 14:04:08 +0000
Subject: [PATCH] docs: add tidelift/security
---
 .github/FUNDING.yml | 1 +
 .github/ISSUE_TEMPLATE/config.yml | 7 +++++--
 .github/SECURITY.md | 14 ++++++++++++++
 CONTRIBUTING.md | 5 ++---
 4 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 .github/SECURITY.md
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 44774f14e..0716fb69f 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,2 +1,3 @@
 github: casperdcl
 custom: https://caspersci.uk.to/donate
+tidelift: pypi/tqdm
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index c0e6a70a7..7cb006cdb 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,11 @@
 blank_issues_enabled: false
 contact_links:
- - name: "FAQs and Known Issues"
+ - name: FAQs and Known Issues
 url: https://github.com/tqdm/tqdm/#faq-and-known-issues
- about: "Frequently asked questions and known issues"
+ about: Frequently asked questions and known issues
 - name: "StackOverflow#tqdm"
 url: https://stackoverflow.com/questions/tagged/tqdm
 about: "Stack Overflow questions tagged #tqdm"
+ - name: Security Issues
+ url: https://tidelift.com/security
+ about: Report a security vulnerability
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 000000000..9955d5fb8
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| ----------- | ------------------ |
+| >= 4.11.2 | :white_check_mark: |
+| < 4.11.2 | :x: |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 568df615f..68796c0e7 100644
--- a/CONTRIBUTING.md
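Review bot: The new `Security Issues` contact link in `.github/ISSUE_TEMPLATE/config.yml` does not tell a reporter to keep the report out of the public tracker, and its `url` is the generic Tidelift page rather than anything that names this project. Because `blank_issues_enabled: false` sends every reporter through this chooser, the `about` text is the natural place to say so, for example `about: Report a security vulnerability privately (please do not open a public issue)`. Pointing the link at the repository's own security policy, which this commit adds as `.github/SECURITY.md`, would also show the supported-versions table before the reporter leaves GitHub; whether that is preferable to the direct Tidelift link is a maintainer decision.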
+++ b/CONTRIBUTING.md @@ -131,13 +131,12 @@ sanity-checking. The tqdm repository managers should: -- follow the [Semantic Versioning](https://semver.org/) convention +- follow the [Semantic Versioning](https://semver.org) convention - take care of this (instead of users) to avoid PR conflicts solely due to the version file bumping Note: tools can be used to automate this process, such as -[bumpversion](https://github.com/peritus/bumpversion) or -[python-semanticversion](https://github.com/rbarrois/python-semanticversion/). +[python-semanticversion](https://github.com/rbarrois/python-semanticversion). ## Checking setup.py