Security: KjartanBourgeois/minimal-kiwi

SECURITY.md

Security Policy

Based on VSCode 'engine': ^1.89.0

Supported Versions

We release patches for security vulnerabilities in the following versions:

Version Supported
1.x
< 1.0

Reporting a Vulnerability

We take the security of our project seriously. If you discover a security vulnerability, we appreciate your efforts to responsibly disclose the issue to us. Please report vulnerabilities by following these steps:

  1. Email Us: Send an email to [email protected] with the subject "Security Vulnerability Report". Include the following information:

    • A detailed description of the vulnerability.
    • Steps to reproduce the vulnerability.
    • Any potential impact the vulnerability may have.
    • Your contact information (name, email, etc.).
  2. Response Time: We will acknowledge receipt of your report within 48 hours. Our team will review the report and may contact you for further information or clarification. We strive to provide an initial assessment within 7 days.

  3. Handling the Report: Once the vulnerability is confirmed, we will take the following steps:

    • Prepare a fix for the vulnerability.
    • Coordinate a disclosure timeline with you to ensure the issue is addressed before public disclosure.
    • Credit you for the discovery if you wish to be acknowledged.
  4. Public Disclosure: After the vulnerability is resolved, we will issue a security advisory and release the patched version. We will also update this SECURITY.md file with information about the resolved issue.

Security Best Practices

To ensure the security of our project, we follow these best practices:

  • Regularly update dependencies to the latest secure versions.
  • Conduct code reviews to identify potential security issues.
  • Implement automated security testing in our CI/CD pipeline.

Contact

If you have any questions or concerns about our security policy, please contact us at [email protected].

Thank you for helping us keep our project secure!

There aren’t any published security advisories