We currently support the following versions with security updates:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |

If you discover a security vulnerability within this project, please send an email to [INSERT SECURITY EMAIL]. All security vulnerabilities will be promptly addressed.

Please include the following information in your report:

- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it

This information will help us triage your report more quickly.

Security updates will be released as patch versions (e.g., 1.0.1, 1.0.2, etc.) for the latest minor version. We recommend always using the latest version to ensure you have the most recent security fixes.

When using this action in your workflows:

- Always pin to a specific version rather than using `latest`
- Regularly update to the latest version to receive security patches
- Review the changelog before updating to understand any breaking changes
- Use GitHub's security features like Dependabot to automatically receive security updates
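
One way to check the pinning advice above across a repository's workflow files, as an added example that is not part of this project's code. It assumes "a specific version" means a full `X.Y.Z` tag or a 40-character commit SHA; `example-org/example-action` is a placeholder name and the sample workflow is constructed.

```python
import re

# Matches a step's "uses:" value, e.g. "- uses: owner/repo@v1.2.3  # comment"
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
# Assumption: a pinned ref is a full semver tag or a 40-hex commit SHA.
PINNED_RE = re.compile(r"^(?:v?\d+\.\d+\.\d+|[0-9a-f]{40})$")


def audit_workflow(text):
    """Return (line_no, reference, reason) for every unpinned action reference."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local actions and container images are not versioned with "@ref".
        if ref.startswith(("./", "docker://")):
            continue
        _name, sep, version = ref.partition("@")
        if not sep:
            findings.append((line_no, ref, "no version given"))
        elif not PINNED_RE.match(version):
            findings.append((line_no, ref, f"floating ref '{version}'"))
    return findings


# Constructed workflow used as sample input.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.1.1
      - uses: example-org/example-action@latest
      - name: Major tag only
        uses: example-org/example-action@v1
      - uses: example-org/example-action@main  # branch
      - uses: example-org/example-action@1.0.2
      - uses: ./local-action
"""

if __name__ == "__main__":
    for line_no, ref, reason in audit_workflow(SAMPLE):
        print(f"line {line_no}: {ref}: {reason}")
```

Feeding each file under `.github/workflows/` to `audit_workflow` in CI and failing the job on any finding keeps floating references from being merged.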