Merge branch 'master' into bump-deps

.github/workflows/browserslist.yml

@@ -0,0 +1,39 @@
+name: Update Browserslist database
+on: [push]
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Configure git
+      run: |
+        # Setup for commiting using built-in token. See https://github.com/actions/checkout#push-a-commit-using-the-built-in-token
+        git config user.name "github-actions[bot]"
+        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+    - name: Cache node modules
+      uses: actions/cache@v2
+      env:
+        cache-name: cache-node-modules
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-build-${{ env.cache-name }}-
+          ${{ runner.os }}-build-
+          ${{ runner.os }}-
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '22'
+    - run: npm install
+    - name: Update Browserslist database and create PR if applies
+      uses: c2corg/browserslist-update-action@v2.4.0
+      with:
+        github_token: ${{ github.token }}
+        commit_message: 'chore: update Browserslist db'
+        title: 'Update Browserslist database'
+        body: 'Auto-generated by `.github/workflows/browserslist.yml` using c2corg/browserslist-update-action'
+        labels: 'dependencies,fast tracked,process,size/XS'
+        reviewers: 'doamatto'

CONTRIBUTORS.toml

@@ -20,6 +20,12 @@ email = "heyy@maatt.fr"
 
 [kulchynska]
 
+[vkeerthivikram]
+name = "V Keerthi Vikram"
+website = "https://bio.vkvikram.com"
+github = "vkeerthivikram"
+
+
 [YuriiStasiuk]
 
 [UnKnOwN]
@@ -181,6 +187,12 @@ github = "davidbernau"
 
 [kelplover]
 
+[ausernameisnotavailable]
+github = "ausernameisnotavailable"
+
+[bcbee]
+github = "bcbee"
+
 [ItsIgnacioPortal]
 name = "Ignacio Portal"
 website = "https://itsignacioportal.github.io/"
@@ -190,4 +202,24 @@ email = "5990@protonmail.com"
 [loviuz]
 name = "Loviuz"
 website = "https://loviuz.me"
-github = "loviuz"
+github = "loviuz"
+
+[SimplyUnknown]
+name = "SimplyUnknown"
+github = "simplyknown"
+
+[smspool]
+name = "SMSPool"
+website = "https://www.smspool.net"
+github = "smspool"
+
+[opile8]
+name = "Ollie Pile"
+github = "opile8"
+
+[maximbelyakov]
+name = "Maxim Belyakov"
+github = "maximbelyakov"
+
+[Anon-sec]
+github = "Anon-sec"

package.json

@@ -19,7 +19,6 @@
     "@types/node": "^22.5.0",
     "a17t": "^0.10.1",
     "autoprefixer": "^10.2.6",
-    "babel-jest": "^29.7.0",
     "del": "^5.1.0",
     "dotenv": "^8.2.0",
     "gulp": "^5.0.0",
@@ -34,7 +33,7 @@
     "hbl-urls": "^0.1.0",
     "image-size": "^0.8.3",
     "lunr": "^2.3.9",
-    "postcss": "^8.2.10",
+    "postcss": "^8.4.31",
     "postcss-import": "^14.0.2",
     "postcss-scss": "^3.0.5",
     "simple-git": "^3.16.0",

products/bitwarden.toml

@@ -0,0 +1,98 @@
+name = "Bitwarden"
+description = "Bitwarden is a free and open-source password management service."
+slug = "bitwarden"
+hostnames = ["bitwarden.com"]
+sources = ["https://bitwarden.com/privacy/"]
+contributors = ["Deivedux"]
+
+[rubric.behavioral-marketing]
+value = "yes-opt-out"
+citations = ["Bitwarden respects your email communications and marketing preferences. If you prefer not to receive product release notes communications or promotional email messages (such as product updates, security alerts, marketing, events, training and certifications) from Bitwarden, you can unsubscribe from Bitwarden email marketing by following the unsubscribe link located at the bottom of each promotional email, or Contact Us. Note: Please allow five (5) business days to be removed from all email communications."]
+notes = ["While their website prompts the optional cookie settings to all new visitors, email marketing is still enabled by default."]
+
+[rubric.data-breaches]
+value = "no"
+notes = ["No data breach protocol is found in the policy."]
+
+[rubric.data-collection-reasoning]
+value = "mostly"
+citations = [
+"""
+Bitwarden may use the Personal Information collected by the Site to provide you with services, to accomplish our business purposes and to fulfill other legal obligations, including:
+
+- To provide you services that you request, such as when we:
+  - Respond to your requests for information about our products, services, training and events;
+  - To enable your access and use of the Site, and to enable you to communicate, collaborate, and share information with those you designate;
+  - To send you technical notices, updates, security alerts, and support and administrative messages;
+- For our business purposes we have a legitimate interest, when we:
+  - Operate the Site;
+  - Administer your account if you have registered on the Site, including billing and payment;
+  - Send marketing, advertising, training, certification or event materials to which you've agreed, requested or subscribed or to otherwise inform you about our products and services;
+- Apply information security policies and controls on the Site, including overall Site integrity, identity management and account authentication;
+- For research and development to improve the Bitwarden Service, Site and other Bitwarden services;
+- Perform other general business management and operations purposes, such as to provide, operate, maintain, make modifications to protect and improve the Site.
+- To fulfill legal obligations, including:
+- Legal compliance, such as to enforce our legal rights, to comply in good faith with applicable laws, and to protect users of the Site or Service.
+- For other purposes about which we notify you and, where relevant or required, give you choice about the new purpose."""
+]
+
+[rubric.data-deletion]
+value = "yes-contact"
+citations = ["We enable you to access, correct, and delete your account with the Bitwarden Service at any time. If you would like to request assistance with accessing, correcting, or deleting your Personal Information, please submit your request to us by email at privacypolicy@bitwarden.com. We will verify these requests and respond to you in accordance with our legal obligations, which typically means forwarding your request to the licensed administrator (in your organization) of your Bitwarden account for review."]
+
+[rubric.history]
+value = "last-modified"
+citations = ["Last revised APRIL-2024"]
+
+[rubric.law-enforcement]
+value = "reasonable"
+citations = ["We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or lawful government request, including in connection with national security or law enforcement requirements. This may include disclosures: to respond to subpoenas or court orders; to establish or exercise our legal rights or defend against legal claims; or to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law. In each case, we will make reasonable efforts to verify the validity of the request before disclosing your Personal Information."]
+
+[rubric.list-collected]
+value = "generally"
+citations = [
+"Bitwarden processes two kinds of user data to deliver the Bitwarden Service: (i) Vault Data and (ii) Administrative Data.",
+"Vault Data includes all information stored within accounts to the Bitwarden Service, including but not limited to login credentials, attachments including photos, videos, images and other files, and may include Personal Information. If we host the Bitwarden Service for you, we will host Vault Data. Vault Data is encrypted using secure cryptographic keys under your control. Bitwarden cannot access Vault Data.You may add, modify, and delete Vault Data at any time.",
+"Bitwarden obtains Personal Information in connection with your account creation, usage of the Bitwarden Service and support, and payments for the Bitwarden Service such as names, emails address, phone and other contact information for users of the Bitwarden Service and the number of items in your Bitwarden Service account (\"Administrative Data\"). Bitwarden uses Administrative Data to provide the Bitwarden Service to you. We retain Administrative Data for as long as you are a customer of Bitwarden and as required by law. If you terminate your relationship with Bitwarden, we will delete your Personal Information in accordance with our data retention policies.",
+"""
+When you use the Site or communicate with us (e.g. via email) you will provide, and Bitwarden will collect certain Personal Information such as
+
+- Name
+- Business name and address
+- Business telephone number
+- Email address
+- IP-address and other online identifiers
+- Any customer testimonial you have given us consent to share.
+- Information you provide to the Site's Interactive Areas, such as fillable forms or text boxes, training, webinars or event registration.
+- Information about the device you are using, comprising the hardware model, operating system and version, unique device identifiers, network information, IP address, and/or Bitwarden Service information when interacting with the Site.
+- If you interact with the Bitwarden Community or training, or registered for an exam or event, we may collect biographical information and the content that you share.
+- Information gathered via cookies, pixel tags, logs, or other similar technologies."""
+]
+
+[rubric.noncritical-purposes]
+value = "opt-out-all"
+notes = ["Bitwarden relies on users' cookie settings for the use of their non-critical personal data."]
+
+[rubric.revision-notify]
+value = "yes"
+citations = ["If we make any material changes, we will notify you by email (sent to the email address specified in your account registered with the Site or Bitwarden Service) or by means of a notice on the Site or Service."]
+
+[rubric.security]
+value = "yes-independent-audits"
+citations = [
+"""
+The security of your Personal Information is important to us. Your data, including Personal Information, is never sent to the Bitwarden cloud servers without first being encrypted on your local device using AES 256 bit encryption. In addition, Bitwarden encrypts the transmission of that information using secure socket layer technology (SSL).
+
+We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received. You acknowledge and agree that no Internet or email transmission is ever fully secure or error free. You agree to take special care in deciding what information you send to us via email. If you have any questions about the security of your Personal Information, you can Contact Us."""
+]
+notes= [
+  "Bitwarden is SOC2 and SOC3 certified and HIPAA compliant. More information about their audit history and compliance can be found at bitwarden.com/compliance"
+]
+
+[rubric.third-party-access]
+value = "yes-specified-noncritical"
+notes = ["A list of subprocessors can be found at bitwarden.com/help/subprocessors. The privacy policy mentions only Google Analytics is mentioned as an example for their collection of Analytics Data."]
+
+[rubric.third-party-collection]
+value = "no"
+notes = ["No data found to be collected from third-parties."]

products/ente.toml

@@ -0,0 +1,82 @@
+name = "Ente"
+description = "Ente is an end-to-end encrypted, open-source cloud storage service for photos and videos."
+slug = "ente"
+hostnames = [ "ente.io" ]
+sources = [ "https://ente.io/privacy" ]
+contributors = [ "vkeerthivikram" ]
+
+[rubric.behavioral-marketing]
+value = "no"
+citations = [ "We do not sell your personal information, nor do we intend to do so." ]
+
+[rubric.data-breaches]
+value = "yes-72"
+citations = [ "In the event of a personal data breach, we will notify you within seventy-two (72) hours via email." ]
+
+[rubric.data-collection-reasoning]
+value = "yes"
+citations = [
+  "We collect and store only the bare minimum amount of information necessary to fulfill our role as a service provider.",
+  """
+  We use the information that you provide to:
+  Provide our Services that you contract for when you agree to our Terms and Conditions ("Terms");
+  Communicate with you in accordance with this Privacy Policy and ourTerms;
+  Maintain and improve our systems and Services;
+  Ensure your account's security and mitigate attacks;
+  Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
+  Control access permissions to your Files and your account;
+  Remove deleted files from users who might have already downloaded them;
+  Notify you about changes to our Services; and
+  Anonymize data and aggregate data for statistics.
+  """
+]
+
+[rubric.data-deletion]
+value = "yes-contact"
+citations = [
+  "To make any of the aforementioned requests, please contact our Data Privacy Officer, Manav Rathi at dpo@ente.io, or contact us in accordance with Section 17.",
+  "After account termination, we may retain your Data for sixty (60) days, or as warranted by your jurisdiction (\"Retention Period\"), unless an enforcement action is likely under ourTerms. If there is no enforcement action likely or commenced and Retention Period has expired, your Data that identifies you will be anonymized."
+]
+notes = [
+  "While the privacy policy does not explicitly state that users can automatically delete their data, there is a delete account button in the app settings."
+]
+
+[rubric.history]
+value = "last-modified"
+citations = [ "Last Updated: Sep 25, 2024" ]
+
+[rubric.law-enforcement]
+value = "strict"
+citations = [ "We will disclose personal information (i) to comply with any court order, law, or legal process, including to respond to any government or regulatory request" ]
+
+[rubric.list-collected]
+value = "exhaustively"
+citations = [
+  "Information you Provide: At the time of registration, or through your use of our Services, you will provide us with 1. Your email address; 2. Referral details including referrers and people you have referred; 3. Email addresses you choose to share your Files with; 4. Our Communications with you and records or copies of such communications; 5. Other personal information you provide to us for support purposes, bug reports, newsletters, surveys, sweepstakes, product feedback, or via forms.",
+  "Information we automatically collect: 1. Public keys; 2. Anonymized crash reports; 3. Server logs; 4. Device identifiers including information about your internet connection, IP address and user agent details; 5. Takedowns and account suspension history.",
+  "Other Instances: We may keep your Files after your account has been suspended or terminated where we consider it necessary for evidential purposes relating to a breach of our Terms or with respect to current or anticipated action by any competent enforcement authority or other third party."
+]
+
+[rubric.noncritical-purposes]
+value = "na"
+notes = [ "There is no mention of non-critical purposes for collecting data in the privacy policy." ]
+
+[rubric.revision-notify]
+value = "no"
+citations = [ "We will update this privacy policy as needed so that it is current, accurate, and as clear as possible. Your continued use of our Services confirms your acceptance of our updated Privacy Policy." ]
+
+[rubric.security]
+value = "somewhat"
+citations = [ "We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Specifically (a) all information you provide to us is stored on our secure servers behind firewalls, (b) our website and app use an SSL certificate, receive regular security scans, penetration tests and regular malware scans; (c) we require username and passwords for our employees who can access your personal information that we store and/or process, and (d) we actively prevent third parties from getting access to your personal information that we store and/or process." ]
+notes = [ "While Ente has undergone third-party security audits (by Cure53 and Fallible), it's been awhile since their last audit (Feb 2023). You can view more information about the audits on their blog: https://ente.io/blog/cryptography-audit/" ]
+
+[rubric.third-party-access]
+value = "yes-specified-critical"
+citations = [
+  "We do not sell, trade, rent, or otherwise transfer personal information to others, unless we provide you with advance notice. There are times when Personal Information that you have shared with us may be shared by Ente with others to enable us to provide you over Services, including contractors, service providers, and third parties (\"Partners\") and subsidiaries.",
+  "Ente uses the following third-party service providers for the provision of services as detailed under the Terms, as applicable: Apple, Google, Stripe, BitPay, PayPal, Scaleway, Backblaze, Cloudflare, Amazon, Hetzner, FeatureMonkey, Simple Analytics, Zoho, Grafana, Open Street Maps"
+]
+
+[rubric.third-party-collection]
+value = "critical-only"
+citations = [ "We collect payment invoices provided to us by our third-party payment processors, which includes details of your Subscription Plan and any payments made by you in favor of Ente in order to receive Services from us. We do not collect or store any credit cards or bank information." ]