From e06102ce8cf2450dbd4666091f362432a0797c12 Mon Sep 17 00:00:00 2001 From: James Brundage <+@noreply.github.com> Date: Sun, 29 Dec 2024 14:32:20 -0800 Subject: [PATCH 1/6] fix: Dockerfile metadata update ( Fixes #38 ) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index db01572..c59e575 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM mcr.microsoft.com/powershell AS powershell # Set the module name to the name of the module we are building -ENV ModuleName=HtmxPS +ENV ModuleName=GQL ENV InstallAptGet="git","curl","ca-certificates","libc6","libgcc1" ENV InstallModule="ugit" # Copy the module into the container From 33ec8df5ec1938c9a7c24ee995a0d6141276b0d7 Mon Sep 17 00:00:00 2001 From: James Brundage <+@noreply.github.com> Date: Sun, 29 Dec 2024 14:46:20 -0800 Subject: [PATCH 2/6] fix: GQL Workflow Container Publishing ( Fixes #39 ) Adding environment variable for main metadata extract --- .github/workflows/BuildGQL.yml | 3 +++ Build/GitHub/Steps/BuildAndPublishContainer.psd1 | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/BuildGQL.yml b/.github/workflows/BuildGQL.yml index c8ad629..82e9ecb 100644 --- a/.github/workflows/BuildGQL.yml +++ b/.github/workflows/BuildGQL.yml @@ -533,6 +533,9 @@ jobs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: latest=true + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} - name: Build and push Docker image (from main) if: ${{github.ref_name == 'main' || github.ref_name == 'master' || github.ref_name == 'latest'}} uses: docker/build-push-action@master diff --git a/Build/GitHub/Steps/BuildAndPublishContainer.psd1 b/Build/GitHub/Steps/BuildAndPublishContainer.psd1 index 4145af3..a0c935f 100644 --- a/Build/GitHub/Steps/BuildAndPublishContainer.psd1 +++ b/Build/GitHub/Steps/BuildAndPublishContainer.psd1 
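Review bot: The base image named on the hunk header line, `FROM mcr.microsoft.com/powershell AS powershell`, carries no tag or digest, so every rebuild of this container silently tracks whatever the registry currently serves, and the `ENV InstallModule="ugit"` line on the new side names a module with no version either. Renaming `ModuleName` to `GQL` is correct for this repository (it matches `RootModule = 'GQL.psm1'` in the manifest later in the series), but the supply-chain posture of the image is unchanged by it. Pin the base image as `FROM mcr.microsoft.com/powershell:<tag>@sha256:<digest> AS powershell` and, if the install script honours it, a fixed module version, so a compromised or retagged upstream cannot flow into the published image unnoticed. The Dockerfile continues outside this hunk.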
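Review bot: The new `env:` block is attached at step level, so `REGISTRY` and `IMAGE_NAME` exist only for the metadata step; the `images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` line in this hunk now resolves, but any login or push step outside the hunk that also reads `env.REGISTRY` would still see an empty string and target the wrong registry. If those steps exist, the safer fix is to define the two keys once under the job's `env:` (above `steps:`, outside this hunk) rather than per step. Separately, the last visible line keeps `uses: docker/build-push-action@master`, a mutable branch reference on the step that publishes the image; pin it to a release tag or, preferably, a full commit SHA, e.g. `uses: docker/build-push-action@<commit-sha> # vX.Y.Z`, so the publish step cannot be altered upstream. The job this step belongs to starts well before this hunk.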
@@ -32,6 +32,10 @@
 'images'='${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}'
 'flavor'='latest=true'
 }
+ env = @{
+ REGISTRY = 'ghcr.io'
+ IMAGE_NAME = '${{ github.repository }}'
+ }
 }
 @{
 name = 'Build and push Docker image (from main)'
From 80330cc046f91f817b77b46d8b0c040c724d25ae Mon Sep 17 00:00:00 2001 From: James Brundage <+@noreply.github.com> Date: Sun, 29 Dec 2024 14:48:12 -0800 Subject: [PATCH 3/6] docs: Adding SECURITY.md ( Fixes #17 )
---
 SECURITY.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2f28a70
--- /dev/null
+++ b/SECURITY.md
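Review bot: The added `env` hashtable duplicates the step-level block in `.github/workflows/BuildGQL.yml`, and this `.psd1` appears to be the source that workflow is generated from, so the two copies must be kept in step or the generated workflow will silently diverge from the template on the next regeneration. A comment above the new block would record the scoping decision for the next editor: `# Step-scoped: only this metadata step sees REGISTRY/IMAGE_NAME; move to the job-level env if other steps need them.` The value `'${{ github.repository }}'` is intentionally left as a literal GitHub expression, which is correct because single-quoted strings in a PowerShell data file do not interpolate; a one-line note saying so would stop someone "fixing" it to double quotes. The enclosing step definition starts before this hunk.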
@@ -0,0 +1,59 @@
+# Security
+
+We take security seriously. If you believe you have discovered a vulnerability, please [file an issue](https://github.com/PowerShellWeb/GQL/issues).
+
+## Special Security Considerations
+
+When using this module, take care to secure your GraphQL token. _Never_ hardcode a value, even as an example.
+
+GraphQL is very powerful, and the Graph API should be queried carefully.
+
+It is also highly recommended you use a Graph API token with limited rights.
+
+Using your own personal access token can compromise your account.
+
+Finally, and importantly, review any queries that you run before you run them.
+
+Any GraphQL query you did not write could do more than you expect it to.
+
+### -WhatIf and -Confirm for extra safety
+
+For safety purposes, GQL SupportsShouldProcess.
+
+This adds two parameters, -WhatIf and -Confirm.
+
+Use -WhatIf to determine how to run the query with Invoke-RestMethod, without running it directly.
+
+Use -Confirm to prompt for confirmation before each query is executed.
+
+~~~PowerShell
+GQL ./Examples/GetSchemaTypes.gql -Confirm
+~~~
+
+### Use Variables for more security
+
+Hardcoded values can reveal insecure information.
+
+## Never Execute Result Data
+
+Seriously:
+
+**Never Execute Result Data**
+
+In PowerShell, on of the most dangerous things you can do is `Invoke-Expression`.
+
+This runs whatever is in the data, and is the path to code injection attacks.
+
+Another dangerous thing you can do is `$executionContext.SessionState.InvokeCommand.ExpandString`.
+
+This expands a string containing subexpressions, which can also inject code.
+
+If you were to directly Invoke or expand code from a GraphQL result, it could compromise your system (and possibly your network)
+
+If you were to directly evaluate code from a GraphQL result in any other language, it could compromise that application (and possibly your network)
+
+So, once more:
+
+*Never Execute Result Data*
+
+## Please Enjoy Responsibly
From beadc145f757b62bf67445ac85264d145111fc8c Mon Sep 17 00:00:00 2001 From: StartAutomating Date: Sun, 29 Dec 2024 22:49:54 +0000 Subject: [PATCH 4/6] docs: Adding SECURITY.md ( Fixes #17 )
---
 docs/SECURITY.md | 59 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 docs/SECURITY.md
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
new file mode 100644
index 0000000..2f28a70
--- /dev/null
+++ b/docs/SECURITY.md
@@ -0,0 +1,59 @@
+# Security
+
+We take security seriously. If you believe you have discovered a vulnerability, please [file an issue](https://github.com/PowerShellWeb/GQL/issues).
+
+## Special Security Considerations
+
+When using this module, take care to secure your GraphQL token. _Never_ hardcode a value, even as an example.
+
+GraphQL is very powerful, and the Graph API should be queried carefully.
+
+It is also highly recommended you use a Graph API token with limited rights.
+
+Using your own personal access token can compromise your account.
+
+Finally, and importantly, review any queries that you run before you run them.
+
+Any GraphQL query you did not write could do more than you expect it to.
+
+### -WhatIf and -Confirm for extra safety
+
+For safety purposes, GQL SupportsShouldProcess.
+
+This adds two parameters, -WhatIf and -Confirm.
+
+Use -WhatIf to determine how to run the query with Invoke-RestMethod, without running it directly.
+
+Use -Confirm to prompt for confirmation before each query is executed.
+
+~~~PowerShell
+GQL ./Examples/GetSchemaTypes.gql -Confirm
+~~~
+
+### Use Variables for more security
+
+Hardcoded values can reveal insecure information.
+
+## Never Execute Result Data
+
+Seriously:
+
+**Never Execute Result Data**
+
+In PowerShell, on of the most dangerous things you can do is `Invoke-Expression`.
+
+This runs whatever is in the data, and is the path to code injection attacks.
+
+Another dangerous thing you can do is `$executionContext.SessionState.InvokeCommand.ExpandString`.
+
+This expands a string containing subexpressions, which can also inject code.
+
+If you were to directly Invoke or expand code from a GraphQL result, it could compromise your system (and possibly your network)
+
+If you were to directly evaluate code from a GraphQL result in any other language, it could compromise that application (and possibly your network)
+
+So, once more:
+
+*Never Execute Result Data*
+
+## Please Enjoy Responsibly
From 4fde6b75e0021a7b6ef470681c016d77cc7b099c Mon Sep 17 00:00:00 2001 From: James Brundage <+@noreply.github.com> Date: Sun, 29 Dec 2024 14:50:42 -0800 Subject: [PATCH 5/6] release: GQL 0.1.1 Updating Manifest and CHANGELOG --- CHANGELOG.md | 7 +++++++ GQL.psd1 | 9 ++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eb46760..ec6ea19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## GQL 0.1.1 + +* Fixing Container Build (#38, #39) +* Adding SECURITY.md (#17) + +--- + ## GQL 0.1 * Initial Release of GQL diff --git a/GQL.psd1 b/GQL.psd1 index 746ca7d..9158b3b 100644 --- a/GQL.psd1 +++ b/GQL.psd1 @@ -1,5 +1,5 @@ @{ - ModuleVersion = '0.1' + ModuleVersion = '0.1.1' RootModule = 'GQL.psm1' Guid = '9bf5c922-9f36-4c52-a7b6-d435837d4fa9' Author = 'James Brundage' @@ -12,11 +12,10 @@ ProjectURI = 'https://github.com/PowerShellWeb/GQL' LicenseURI = 'https://github.com/PowerShellWeb/GQL/blob/main/LICENSE' ReleaseNotes = @' -## GQL 0.1 +## GQL 0.1.1 -* Initial Release of GQL -* One Simple Command for GraphQL: `Get-GQL` (or `GQL`) -* Container and GitHub action included! +* Fixing Container Build (#38, #39) +* Adding SECURITY.md (#17) --- From 071608e71d9eb6091f22dad6fd6554fd99763164 Mon Sep 17 00:00:00 2001 From: StartAutomating Date: Sun, 29 Dec 2024 22:52:17 +0000 Subject: [PATCH 6/6] release: GQL 0.1.1 Updating Manifest and CHANGELOG --- docs/CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 057389e..4156323 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,3 +1,10 @@ +## GQL 0.1.1 + +* Fixing Container Build (#38, #39) +* Adding SECURITY.md (#17) + +--- + ## GQL 0.1 * Initial Release of GQL