mime-types-data 3.2025.0924 → 3.2026.0113

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8b738383fd2a3382cdb32bfc3380ebdbf847d370e8605a2f32e828178b8bbb9
-  data.tar.gz: c4ba90519e1638fcc61d9ecccbbc2fd65817cee5b2b3223e973962cb131b2e46
+  metadata.gz: 400780b92e1f1f3052a7cdb790a6401a4a5f264925ad2aad9b8ecc6fef8ac07f
+  data.tar.gz: b88ec153a0f99186cd7d0156675ae4b00ac3772f26799f307be08f517de8fb2f
 SHA512:
-  metadata.gz: 0d5c59d6a4c31251b862492e1ea94dd6e3abe13c5f249eccb1b3b567efe49478c0f41299a0dac8ecce0c83ac955098bdce78aa1697eb74d3313049037dc8e35a
-  data.tar.gz: dd1e20ce1f78b2048e0a8f94d95d13629b538af000291c508c466e2acee04fc234a2ef1667b15c224acfd547ae18eb5f448546dd14dbb5ba5ad7f550da9341ed
+  metadata.gz: 25027c8dcf66ef4f4087630376ff5daa7a6cc54424787488b08e81c815572556033486c9a005c755e7bbd3e5242bcc929856f93b562d6b19382376f59c2a71e2
+  data.tar.gz: c21428612e575f6395e997b3f81c60c37ca7e44ee92a4518acba1eab35254d0e6488288e4221a223f69a3dab90deb9385a393af18cf1d30808a91e6a94dd0fe2

data/CHANGELOG.md

@@ -2,75 +2,93 @@
 
 <!-- automatic-release -->
 
-## 3.2025.0924 / 2025-09-24
+## 3.2026.0113 / 2026-01-13
 
 - Updated registry entries from the IANA [media registry][registry] and
   [provisional media registry][provisional] and the
   [Apache Tika media registry][tika] as of the release date.
 
 
-## NEXT / YYYY-MM—DD
+## 3.2026.0106 / 2026-01-06
+
+- Updated registry entries from the IANA [media registry][registry] and
+  [provisional media registry][provisional] and the
+  [Apache Tika media registry][tika] as of the release date.
 
-- Removed the [Apache httpd media registry][httpd] from automatic updates.
-  It is currently failing and no longer provides useful data compared to
-  other sources. 
 
-## 3.2025.0916 / 2025-09-16
+
+- Manual contributions now require `Signed-off-by` trailers for assertion of the
+  [Developer Certificate of Origin][dco]. More details will be added in the
+  coming weeks.
+
+- Added `application/microdata+json`, `application/speculationrules+json`,
+  `text/event-stream` and `text/ping` from the [WHATWG HTML spec][whatwg]
+
+## 3.2025.0924 / 2025-09-24
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
+  [provisional media registry][provisional] and the
+  [Apache Tika media registry][tika] as of the release date.
 
+- Removed the [Apache httpd media registry][httpd] from automatic updates. It is
+  currently failing and no longer provides useful data compared to other
+  sources.
 
-## 3.2025.0909 / 2025-09-09
+## 3.2025.0916 / 2025-09-16
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
+
+## 3.2025.0909 / 2025-09-09
 
+- Updated registry entries from the IANA [media registry][registry] and
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 ## 3.2025.0902 / 2025-09-02
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
-
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 ## 3.2025.0826 / 2025-08-26
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
-
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 ## 3.2025.0819 / 2025-08-19
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
-
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 ## 3.2025.0812 / 2025-08-12
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
-
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 ## 3.2025.0805 / 2025-08-05
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
-
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 ## 3.2025.0729 / 2025-07-29
 
 - Updated registry entries from the IANA [media registry][registry] and
-  [provisional media registry][provisional], the [Apache httpd media registry][httpd],
-  and the [Apache Tika media registry][tika] as of the release date.
-
-
+  [provisional media registry][provisional], the
+  [Apache httpd media registry][httpd], and the
+  [Apache Tika media registry][tika] as of the release date.
 
 - Remove `.doc` from `text/plain`: The use of `.doc` for `text/plain` documents
   is mostly a holdover from VAX VMS where the default wasn't `.txt` but `.doc`.
@@ -710,6 +728,7 @@
   `text/plain`.
 
 [code of conduct]: CODE_OF_CONDUCT.md
+[dco]: https://developercertificate.org
 [httpd]: https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
 [issue-18]: https://github.com/mime-types/mime-types-data/issues/18
 [issue-22]: https://github.com/mime-types/mime-types-data/issues/22
@@ -758,3 +777,4 @@
 [ruby-mime-types#99]: https://github.com/mime-types/ruby-mime-types/pull/99
 [tika]: https://github.com/apache/tika/blob/main/tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml
 [tp]: https://guides.rubygems.org/trusted-publishing/
+[whatwg]: https://html.spec.whatwg.org/multipage/iana.html#text/event-stream

data/CODE_OF_CONDUCT.md

@@ -1,128 +1,166 @@
-# Contributor Covenant Code of Conduct
+# Contributor Covenant 3.0 Code of Conduct
 
 ## Our Pledge
 
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, caste, color, religion, or sexual
-identity and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-- Demonstrating empathy and kindness toward other people
-- Being respectful of differing opinions, viewpoints, and experiences
-- Giving and gracefully accepting constructive feedback
-- Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-- Focusing on what is best not just for us as individuals, but for the overall
-  community
-
-Examples of unacceptable behavior include:
-
-- The use of sexualized language or imagery, and sexual attention or advances of
-  any kind
-- Trolling, insulting or derogatory comments, and personal or political attacks
-- Public or private harassment
-- Publishing others' private information, such as a physical or email address,
-  without their explicit permission
-- Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
+We pledge to make our community welcoming, safe, and equitable for all.
+
+We are committed to fostering an environment that respects and promotes the
+dignity, rights, and contributions of all individuals, regardless of
+characteristics including race, ethnicity, caste, color, age, physical
+characteristics, neurodiversity, disability, sex or gender, gender identity or
+expression, sexual orientation, language, philosophy or religion, national or
+social origin, socio-economic position, level of education, or other status. The
+same privileges of participation are extended to everyone who participates in
+good faith and in accordance with this Covenant.
+
+## Encouraged Behaviors
+
+While acknowledging differences in social norms, we all strive to meet our
+community's expectations for positive behavior. We also understand that our
+words and actions may be interpreted differently than we intend based on
+culture, background, or native language.
+
+With these considerations in mind, we agree to behave mindfully toward each
+other and act in ways that center our shared values, including:
+
+1. Respecting the **purpose of our community**, our activities, and our ways of
+   gathering.
+2. Engaging **kindly and honestly** with others.
+3. Respecting **different viewpoints** and experiences.
+4. **Taking responsibility** for our actions and contributions.
+5. Gracefully giving and accepting **constructive feedback**.
+6. Committing to **repairing harm** when it occurs.
+7. Behaving in other ways that promote and sustain the **well-being of our
+   community**.
+
+## Restricted Behaviors
+
+We agree to restrict the following behaviors in our community. Instances,
+threats, and promotion of these behaviors are violations of this Code of
+Conduct.
+
+1. **Harassment.** Violating explicitly expressed boundaries or engaging in
+   unnecessary personal attention after any clear request to stop.
+2. **Character attacks.** Making insulting, demeaning, or pejorative comments
+   directed at a community member or group of people.
+3. **Stereotyping or discrimination.** Characterizing anyone’s personality or
+   behavior on the basis of immutable identities or traits.
+4. **Sexualization.** Behaving in a way that would generally be considered
+   inappropriately intimate in the context or purpose of the community.
+5. **Violating confidentiality**. Sharing or acting on someone's personal or
+   private information without their permission.
+6. **Endangerment.** Causing, encouraging, or threatening violence or other harm
+   toward any person or group.
+7. Behaving in other ways that **threaten the well-being** of our community.
+
+### Other Restrictions
+
+1. **Misleading identity.** Impersonating someone else for any reason, or
+   pretending to be someone else to evade enforcement actions.
+2. **Failing to credit sources.** Not properly crediting the sources of content
+   you contribute.
+3. **Promotional materials**. Sharing marketing or other commercial content in a
+   way that is outside the norms of the community.
+4. **Irresponsible communication.** Failing to responsibly present content which
+   includes, links or describes any other restricted behaviors.
+
+## Reporting an Issue
+
+Tensions can occur between community members even when they are trying their
+best to collaborate. Not every conflict represents a code of conduct violation,
+and this Code of Conduct reinforces encouraged behaviors and norms that can help
+avoid conflicts and minimize harm.
+
+When an incident does occur, it is important to report it promptly. To report a
+possible violation, create a [private security advisory][advisory] — violations
+of this code of conduct are considered security vulnerabilities.
+
+Community Moderators take reports of violations seriously and will make every
+effort to respond in a timely manner. They will investigate all reports of code
+of conduct violations, reviewing messages, logs, and recordings, or interviewing
+witnesses and other participants. Community Moderators will keep investigation
+and enforcement actions as transparent as possible while prioritizing safety and
+confidentiality. In order to honor these values, enforcement actions are carried
+out in private with the involved parties, but communicating to the whole
+community may be part of a mutually agreed upon resolution.
+
+## Addressing and Repairing Harm
+
+If an investigation by the Community Moderators finds that this Code of Conduct
+has been violated, the following enforcement ladder may be used to determine how
+best to repair harm, based on the incident's impact on the individuals involved
+and the community as a whole. Depending on the severity of a violation, lower
+rungs on the ladder may be skipped.
+
+1. Warning
+   1. Event: A violation involving a single incident or series of incidents.
+   2. Consequence: A private, written warning from the Community Moderators.
+   3. Repair: Examples of repair include a private written apology,
+      acknowledgement of responsibility, and seeking clarification on
+      expectations.
+
+2. Temporarily Limited Activities
+   1. Event: A repeated incidence of a violation that previously resulted in a
+      warning, or the first incidence of a more serious violation.
+   2. Consequence: A private, written warning with a time-limited cooldown
+      period designed to underscore the seriousness of the situation and give
+      the community members involved time to process the incident. The cooldown
+      period may be limited to particular communication channels or interactions
+      with particular community members.
+   3. Repair: Examples of repair may include making an apology, using the
+      cooldown period to reflect on actions and impact, and being thoughtful
+      about re-entering community spaces after the period is over.
+
+3. Temporary Suspension
+   1. Event: A pattern of repeated violation which the Community Moderators have
+      tried to address with warnings, or a single serious violation.
+   2. Consequence: A private written warning with conditions for return from
+      suspension. In general, temporary suspensions give the person being
+      suspended time to reflect upon their behavior and possible corrective
+      actions.
+   3. Repair: Examples of repair include respecting the spirit of the
+      suspension, meeting the specified conditions for return, and being
+      thoughtful about how to reintegrate with the community when the suspension
+      is lifted.
+
+4. Permanent Ban
+   1. Event: A pattern of repeated code of conduct violations that other steps
+      on the ladder have failed to resolve, or a violation so serious that the
+      Community Moderators determine there is no way to keep the community safe
+      with this person as a member.
+   2. Consequence: Access to all community spaces, tools, and communication
+      channels is removed. In general, permanent bans should be rarely used,
+      should have strong reasoning behind them, and should only be resorted to
+      if working through other remedies has failed to change the behavior.
+   3. Repair: There is no possible repair in cases of this severity.
+
+This enforcement ladder is intended as a guideline. It does not limit the
+ability of Community Managers to use their discretion and judgment, in keeping
+with the best interests of our community.
 
 ## Scope
 
 This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official email address,
-posting via an official social media account, or acting as an appointed
+an individual is officially representing the community in public or other
+spaces. Examples of representing our community include using an official email
+address, posting via an official social media account, or acting as an appointed
 representative at an online or offline event.
 
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at [INSERT CONTACT
-METHOD]. All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series of
-actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or permanent
-ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior, harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within the
-community.
-
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.1, available at
-<https://www.contributor-covenant.org/version/2/1/code_of_conduct.html>.
+This Code of Conduct is adapted from the Contributor Covenant, version 3.0,
+permanently available at <https://www.contributor-covenant.org/version/3/0/>.
 
-Community Impact Guidelines were inspired by
-[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+Contributor Covenant is stewarded by the Organization for Ethical Source and
+licensed under CC BY-SA 4.0. To view a copy of this license, visit
+<https://creativecommons.org/licenses/by-sa/4.0/>.
 
-For answers to common questions about this code of conduct, see the FAQ at
-<https://www.contributor-covenant.org/faq>. Translations are available at
-<https://www.contributor-covenant.org/translations>.
+For answers to common questions about Contributor Covenant, see the FAQ at
+<https://www.contributor-covenant.org/faq>. Translations are provided at
+<https://www.contributor-covenant.org/translations>. Additional enforcement and
+community guideline resources can be found at
+<https://www.contributor-covenant.org/resources>. The enforcement ladder was
+inspired by the work of [Mozilla’s code of conduct team][inclusion].
 
-[homepage]: https://www.contributor-covenant.org
-[Mozilla CoC]: https://github.com/mozilla/diversity
+[advisory]: https://github.com/mime-types/ruby-mime-types/security/advisories/new
+[inclusion]: https://github.com/mozilla/inclusion

data/CONTRIBUTING.md

@@ -1,29 +1,33 @@
 # Contributing
 
 Contribution to mime-types-data is encouraged in any form: a bug report, new
-MIME type definitions, or additional code to help manage the MIME types. There
-are a few DOs and DON'Ts for contributions.
+MIME type definitions, or additional code to help manage the MIME types. New
+features should be proposed and discussed in an [issue][issues].
 
-- DO:
+Before contributing patches, please read the [Licence](./LICENCE.md).
 
-  - Keep the coding style that already exists for any updated Ruby code (support
-    or otherwise). I use [Standard Ruby][standardrb] for linting and formatting.
+MIME::Types data is governed under the
+[Contributor Covenant Code of Conduct][cccoc].
 
-  - Use thoughtfully-named topic branches for contributions. Rebase your commits
-    into logical chunks as necessary.
+## Code Guidelines
 
-  - Use [quality commit messages][qcm].
+I have several guidelines to contributing code through pull requests:
 
-  - Add your name or GitHub handle to `CONTRIBUTORS.md` and a record in the
-    `CHANGELOG.md` as a separate commit from your main change. (Follow the style
-    in the `CHANGELOG.md` and provide a link to your PR.)
+- I use code formatters, static analysis tools, and linting to ensure consistent
+  styles and formatting. There should be no warning output from test run
+  processes. I use [Standard Ruby][standardrb].
 
-- DO NOT:
+- Proposed changes should be on a thoughtfully-named topic branch and organized
+  into logical commit chunks as appropriate.
+
+- Use [Conventional Commits][conventional] with my
+  [conventions](#commit-conventions).
+
+- Versions must not be updated in pull requests unless otherwise directed. This
+  means that you must not:
 
   - Modify `VERSION` in `lib/mime/types/data.rb`. When your patch is accepted
-    and a release is made, the version will be updated at that point. Most
-    likely, once merged, your release will be rolled into the next automatic
-    release.
+    and a release is made, the version will be updated at that point.
 
   - Modify `mime-types-data.gemspec`; it is a generated file. (You _may_ use
     `rake gemspec` to regenerate it if your change involves metadata related to
@@ -31,8 +35,22 @@ are a few DOs and DON'Ts for contributions.
 
   - Modify the `Gemfile`.
 
-  - Modify any files in `data/`. Any changes to be captured here will be
-    automatically updated on the next release.
+- Type updates may only be performed on the YAML files in `types/`. This means
+  that no files may be modified in `data/`. Any changes to be captured here will
+  be automatically updated on the next release.
+
+- Documentation should be added or updated as appropriate for new or updated
+  functionality. The documentation is RDoc; mime-types-data does not use
+  extensions that may be present in alternative documentation generators.
+
+- All GitHub Actions checks marked as required must pass before a pull request
+  may be accepted and merged.
+
+- Add your name or GitHub handle to `CONTRIBUTORS.md` and a record in the
+  `CHANGELOG.md` as a separate commit from your main change. (Follow the style
+  in the `CHANGELOG.md` and provide a link to your PR.)
+
+- Include your DCO sign-off in each commit message (see [LICENCE](LICENCE.md)).
 
 Although mime-types-data was extracted from the [Ruby mime-types][rmt] gem and
 the support files are written in Ruby, the _target_ of mime-types-data is any
@@ -76,12 +94,12 @@ There are other fields that can be added, matching the fields discussed in the
 documentation for MIME::Type. Pull requests for MIME types should just contain
 the changes to the YAML files for the new or modified MIME types; I will convert
 the YAML files to JSON prior to a new release. I would rather not have to verify
-that the JSON matches the YAML changes, which is why it is not necessary to
-convert for the pull request.
+that the JSON matches the YAML changes, which is why it is not necessary to run
+conversion for the pull request.
 
 If you are making a change for a private fork, use `rake convert:yaml:json` to
-convert the YAML to JSON, or `rake convert:yaml:columnar` to convert it to the
-new columnar format.
+convert the YAML to JSON and `rake convert:yaml:columnar` to convert it to the
+default columnar format.
 
 ### Updating Types from the IANA or Apache Lists
 
@@ -108,11 +126,48 @@ customize provisional types (such as with extensions) are considered lower
 priority. It is recommended that any updates required to the data be performed
 in your application if you require provisional types.
 
+## Commit Conventions
+
+MIMe::Types has adopted a variation of the Conventional Commits format for
+commit messages. The following types are permitted:
+
+| Type    | Purpose                                               |
+| ------- | ----------------------------------------------------- |
+| `feat`  | A new feature                                         |
+| `fix`   | A bug fix                                             |
+| `chore` | A code change that is neither a bug fix nor a feature |
+| `docs`  | Documentation updates                                 |
+| `deps`  | Dependency updates, including GitHub Actions.         |
+| `types` | Manually contributed MIME::Types                      |
+
+I encourage the use of [Tim Pope's][tpope-qcm] or [Chris Beam's][cbeams]
+guidelines on the writing of commit messages
+
+I require the use of [git][trailers1] [trailers][trailers2] for specific
+additional metadata and strongly encourage it for others. The conditionally
+required metadata trailers are:
+
+- `Breaking-Change`: if the change is a breaking change. **Do not** use the
+  shorthand form (`feat!(scope)`) or `BREAKING CHANGE`.
+
+- `Signed-off-by`: this is required for all developers except me, as outlined in
+  the [Licence](./LICENCE.md#developer-certificate-of-origin).
+
+- `Fixes` or `Resolves`: If a change fixes one or more open [issues][issues],
+  that issue must be included in the `Fixes` or `Resolves` trailer. Multiple
+  issues should be listed comma separated in the same trailer:
+  `Fixes: #1, #5, #7`, but _may_ appear in separate trailers. While both `Fixes`
+  and `Resolves` are synonyms, only _one_ should be used in a given commit or
+  pull request.
+
+- `Related to`: If a change does not fix an issue, those issue references should
+  be included in this trailer.
+
 ## The Release Process
 
-The release process is almost completely automated, where upstream MIME types
-will be updated weekly (on Tuesdays) and be presented in a reviewable pull
-request. Once merged, the release will be automatically published to RubyGems.
+The release process is completely automated, where upstream MIME types will be
+updated weekly (on Tuesdays) and be presented in a reviewable pull request. Once
+merged, the release will be automatically published to RubyGems.
 
 With the addition of [trusted publishing][tp], there should no longer be a need
 for manual releases outside of the update cycle. Pull requests merged between
@@ -141,10 +196,18 @@ performed manually.
 
 This list is based on issue [#18][issue-18].
 
+[cbeams]: https://cbea.ms/git-commit/
+[cccoc]: ./CODE_OF_CONDUCT.md
+[conventional]: https://www.conventionalcommits.org/en/v1.0.0/
+[dco]: licences/dco.txt
 [hoe]: https://github.com/seattlerb/hoe
 [issue-18]: https://github.com/mime-types/mime-types-data/issues/18
-[qcm]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[issues]: https://github.com/mime-types/mime-types-data/issues
+[minitest]: https://github.com/seattlerb/minitest
 [release-gem]: https://github.com/rubygems/release-gem
 [rmt]: https://github.com/mime-types/ruby-mime-types/
 [standardrb]: https://github.com/standardrb/standard
 [tp]: https://guides.rubygems.org/trusted-publishing/
+[tpope-qcm]: https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
+[trailers1]: https://git-scm.com/docs/git-interpret-trailers
+[trailers2]: https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---trailerlttokengtltvaluegt

data/Manifest.txt

@@ -21,3 +21,4 @@ data/mime.use_instead.column
 data/mime.xrefs.column
 lib/mime-types-data.rb
 lib/mime/types/data.rb
+licences/dco.txt

data/Rakefile

@@ -23,7 +23,7 @@ Hoe.spec "mime-types-data" do
   license "MIT"
 
   spec_extras[:metadata] = ->(val) {
-    val.merge!({"rubygems_mfa_required" => "true"})
+    val["rubygems_mfa_required"] = "true"
   }
 
   extra_dev_deps << ["hoe", "~> 4.0"]

data/SECURITY.md

@@ -1,7 +1,26 @@
 # mime-types-data Security
 
-## Security contact information
+## LLM-Generated Security Report Policy
 
-To report a security vulnerability, please use the
-[Tidelift security contact](https://tidelift.com/security). Tidelift will
-coordinate the fix and disclosure.
+Absolutely no security reports will be accepted that have been generated by LLM
+agents.
+
+## Supported Versions
+
+Security reports are accepted for the most recent major release, with a limited
+window of support after the initial major release.
+
+- Bug reports will be accepted up to three months after release.
+- Security reports will be accepted up to six months after release.
+
+All issues raised must be demonstrated on the minimum supported Ruby version.
+
+## Reporting a Vulnerability
+
+Report vulnerabilities via the [Tidelift security contact][tidelift]. Tidelift
+will coordinate the fix and disclosure.
+
+Alternatively, create a [private vulnerability report][advisory] with GitHub.
+
+[advisory]: https://github.com/halostatue/mime-types-data/security/advisories/new
+[tidelift]: https://tidelift.com/security