Security md update (#32370)

mlgualtieri · gatsbybot · web-flow · commit 466636c4a5fb · 2021-07-14T19:17:52.000-04:00
* updating SECURITY.md to indicate supported versions

* updating vulnerability reporting guidelines

* chore: format

Co-authored-by: gatsbybot &lt;mathews.kyle+gatsbybot@gmail.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -13,4 +13,8 @@ The following versions are currently being supported with security updates.
 
 ## Reporting a Vulnerability
 
-Please email security@gatsbyjs.com
+If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to security@gatsbyjs.com.
+
+When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action.
+
+Please do not report findings from `npm audit`. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by `npm audit` are misleading and do not present a tangible/exploitable security risk for Gatsby users.

-Original file line number
+Diff line change
 ## Reporting a Vulnerability
 -Please email [email protected]
 +If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to [email protected].
++
 +When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action.
++
 +Please do not report findings from `npm audit`. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by `npm audit` are misleading and do not present a tangible/exploitable security risk for Gatsby users.