Routine NPM dependency updates & BCSans Font Support

README.md

@@ -1,4 +1,6 @@
-# Common Document Generation Service [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE) [![img](https://img.shields.io/badge/Lifecycle-Stable-97ca00)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md)
+# Common Document Generation Service
+
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE) [![img](https://img.shields.io/badge/Lifecycle-Stable-97ca00)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md)
 
 ![Tests](https://github.com/bcgov/common-document-generation-service/workflows/Tests/badge.svg)
 [![Maintainability](https://api.codeclimate.com/v1/badges/b360d0b4c9ad56149499/maintainability)](https://codeclimate.com/github/bcgov/common-document-generation-service/maintainability)
@@ -14,26 +16,31 @@ To learn more about the **Common Services** available visit the [Common Services
 
 ## Directory Structure
 
-    .github/                   - PR and Issue templates
-    app/                       - Application Root
-    ├── docker/                - Auxillary support scripts for LibreOffice Python wrapper
-    ├── src/                   - Node.js backend web application
-    ├── tests/                 - Node.js backend web application tests
-    └── Dockerfile             - Docker image specification
-    openshift/                 - OpenShift-deployment specific files
-    CODE-OF-CONDUCT.md         - Code of Conduct
-    COMPLIANCE.yaml            - BCGov PIA/STRA compliance status
-    CONTRIBUTING.md            - Contributing Guidelines
-    Jenkinsfile                - Top-level Pipeline
-    Jenkinsfile.cicd           - Pull-Request Pipeline
-    LICENSE                    - License
+```txt
+.github/                   - PR and Issue templates
+app/                       - Application Root
+├── docker/                - Auxillary support scripts for LibreOffice Python wrapper
+├── src/                   - Node.js backend web application
+├── tests/                 - Node.js backend web application tests
+└── Dockerfile             - Docker image specification
+openshift/                 - OpenShift-deployment specific files
+bcgovpubcode.yml           - BCGov public code asset tracking
+CODE-OF-CONDUCT.md         - Code of Conduct
+COMPLIANCE.yaml            - BCGov PIA/STRA compliance status
+CONTRIBUTING.md            - Contributing Guidelines
+Jenkinsfile                - Top-level Pipeline
+Jenkinsfile.cicd           - Pull-Request Pipeline
+LICENSE                    - License
+SECURITY.md                - Security Policy and Reporting
+```
 
 ## Documentation
 
 * [Application Readme](app/README.md)
 * [Openshift Readme](openshift/README.md)
 * [Devops Tools Setup](https://github.com/bcgov/nr-showcase-devops-tools)
 * [Product Roadmap](https://github.com/bcgov/nr-get-token/wiki/Product-Roadmap)
+* [Security Reporting](SECURITY.md)
 
 ## Getting Help or Reporting an Issue
 
@@ -47,16 +54,18 @@ Please note that this project is released with a [Contributor Code of Conduct](C
 
 ## License
 
-    Copyright 2019 Province of British Columbia
+```txt
+Copyright 2019 Province of British Columbia
 
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
 
-       http://www.apache.org/licenses/LICENSE-2.0
+    http://www.apache.org/licenses/LICENSE-2.0
 
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

SECURITY.md

@@ -0,0 +1,52 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the Common
+Document Generation Service project.
+
+- [Supported Versions](#supported-versions)
+- [Reporting a Bug](#reporting-a-bug)
+- [Disclosure Policy](#disclosure-policy)
+- [Comments on this Policy](#comments-on-this-policy)
+
+## Supported Versions
+
+At this time, only the latest version of Common Document Generation Service is supported.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.4.x   | :white_check_mark: |
+| < 2.4.x | :x:                |
+
+## Reporting a Bug
+
+The `CSS` team and community take all security bugs in `CDOGS` seriously.
+Thank you for improving the security of `CDOGS`. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by sending an email to <[email protected]>.
+
+The `CSS` team will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the security team will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+- Confirm the problem and determine the affected versions.
+- Audit code to find any potential similar problems.
+- Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

app/Dockerfile

@@ -5,6 +5,19 @@ ENV APP_PORT=8080 \
     NO_UPDATE_NOTIFIER=true
 WORKDIR ${APP_ROOT}
 
+# Install Zip
+RUN apk --no-cache add zip && \
+    rm -rf /var/cache/apk/*
+
+# Install BCSans Font
+RUN wget https://www2.gov.bc.ca/assets/gov/british-columbians-our-governments/services-policies-for-government/policies-procedures-standards/web-content-development-guides/corporate-identity-assets/bcsansfont_print.zip?forcedownload=true -O bcsans.zip && \
+    unzip bcsans.zip && \
+    rm bcsans.zip && \
+    mkdir -p /usr/share/fonts/bcsans && \
+    install -m 644 ./BcSansFont_Print/*.ttf /usr/share/fonts/bcsans/ && \
+    rm -rf ./BcSansFont_Print && \
+    fc-cache -f
+
 # NPM Permission Fix (already present in base image)
 
 # Install Application