If you discover a security vulnerability in this project, please do not open a public issue. Instead, please email your findings directly to:
Please include:
- Description of the vulnerability
- Steps to reproduce it
- Potential impact
- Suggested fix (if you have one)
We appreciate responsible disclosure and will make every effort to acknowledge your report and develop a fix.
This project follows these security practices:
- All changes to the main branch require:
- At least 1 approving review
- Status checks to pass
- Resolution of all conversations
- Code owner review for sensitive files
- No force pushes or deletions allowed
- Dependencies are regularly updated
- Security vulnerabilities are addressed promptly
- Dependabot alerts are enabled and monitored
- All contributions are reviewed before merging
- Code owners must approve changes to critical files
- Automated security checks are run on all PRs
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older versions |
- This is an open-source project maintained by volunteers
- Security issues will be addressed based on severity and available resources
- We follow Coordinated Vulnerability Disclosure (CVD) practices
We recommend:
- Always using the latest version
- Regularly reviewing GitHub security alerts
- Following secure coding practices when using this API
- Reporting any suspicious activity
Thank you for helping keep this project secure!