Skip to content

Security: tatemz/effect-bdd

SECURITY.md

Security Policy

Supported Versions

Security fixes are provided for the latest released version of effect-bdd. Before reporting a vulnerability, verify that it is reproducible with that version.

Reporting a Vulnerability

Do not disclose suspected vulnerabilities in a public issue, discussion, or pull request.

Use GitHub's private vulnerability reporting form instead. Include:

  • the affected version;
  • a clear description of the impact;
  • steps or a minimal example that reproduces the issue; and
  • any known mitigations or workarounds.

You should receive an acknowledgement within seven days. The maintainer will investigate the report, keep you informed of material progress, and coordinate the timing of any fix and public disclosure with you.

Reports about vulnerabilities in a dependency should be sent to that dependency's maintainers unless effect-bdd uses the dependency in a way that creates a distinct vulnerability.

There aren't any published security advisories