Create security policy, publish script for lts

Resolves #1857

Author: Gerrit0

.github/CONTRIBUTING.md

@@ -129,7 +129,7 @@ Before submitting a pull request, make sure that there are no linting problems (
 
 If your change is user facing, consider updating `CHANGELOG.md` to describe the change you have made. If you don't, the maintainer who merges your pull request will do it for you.
 
-Please do not change the project version number in a pull request.
+Please do not change the project version number in a pull request unless submitting a patch to the `lts` branch.
 
 ## Updating Your Branch
 

.github/SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+The TypeDoc team supports the latest minor version. For one minor version prior to the latest,
+pull requests providing patches to fix security vulnerabilities will be accepted. Support for the
+previous minor version relies completely on community pull requests.
+
+| Version | Status             |
+| ------- | ------------------ |
+| 0.22.x  | :white_check_mark: |
+| 0.21.x  | :warning:          |
+| < 0.21  | :x:                |
+
+## Patching LTS Versions
+
+If you depend on the prior minor version of TypeDoc and want to submit a fix, submit a pull request
+to the `lts` branch. When merged, a new version will be automatically published with your patch.
+
+Be sure to include:
+
+-   A line in `CHANGELOG.md` that notes what changed.
+-   An update to the version field in `package.json`.
+
+Note: Only pull requests which fix security vulnerabilities will be accepted. Additional features and bug fixes are out of scope for old versions.

.github/workflows/publish-lts.yml

@@ -0,0 +1,35 @@
+name: Publish LTS
+on:
+    push:
+        branches:
+            - lts
+jobs:
+    npm-publish:
+        name: npm-publish
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+            - id: check
+              uses: EndBug/version-check@v1
+              with:
+                  diff-search: true
+            - name: Set up Node
+              if: steps.check.outputs.changed == 'true'
+              uses: actions/setup-node@v1
+              with:
+                  node-version: "16"
+            - name: Upgrade npm
+              if: steps.check.outputs.changed == 'true'
+              run: npm i -g npm@latest
+            - name: Install
+              if: steps.check.outputs.changed == 'true'
+              run: npm ci
+            - name: Setup publish token
+              if: steps.check.outputs.changed == 'true'
+              run: echo "//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc
+              env:
+                  NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
+            - name: Publish
+              if: steps.check.outputs.changed == 'true'
+              run: npm publish --tag lts