We take the security of calendar-simple very seriously.
Currently, only the latest major version of the library receives security updates.
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability within calendar-simple, please DO NOT open a public issue on GitHub.
Instead, please report it privately through GitHub's private vulnerability reporting. If you are unable to use that channel, reach out to the maintainer @Jaganath-MSJ directly.
Please include as much information as possible:
- The type of issue (e.g., XSS, prototype pollution).
- The versions of
calendar-simpleaffected. - Step-by-step instructions on how to reproduce the issue.
- The potential impact of the vulnerability.
We aim to acknowledge reports within 5 business days with an initial assessment and next steps.
Once a vulnerability is confirmed and patched, we will publish a security advisory and notify users of the update.