We release patches for security vulnerabilities only in the latest stable version:

| Version | Supported |
|---|---|
| ^1.0.0 (latest 1.x.x) | ✅ |
| (all other 1.x.x versions) | ❌ |
| 0.x.x | ❌ |

We take security vulnerabilities seriously. If you discover a security issue in dino-validation, please report it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report security vulnerabilities by:

- GitHub Security Advisories (Preferred)
  - Go to the Security tab
  - Click "Report a vulnerability"
  - Provide details about the vulnerability
- Email (Alternative)
  - Send an email to: cadamsmith.dev@gmail.com
  - Include "SECURITY" in the subject line
  - Provide a detailed description of the vulnerability

This project uses:

- CodeQL Analysis: Automated security scanning on every push
- Dependabot: Automated dependency updates
- Dependency Review: Blocks PRs with vulnerable dependencies
- npm Audit: Runs in CI to catch vulnerabilities
- npm Provenance: Build attestations for published packages

Thank you for helping keep dino-validation and its users safe!