Thank you for helping keep the bQuery VS Code Extension and its users safe.
The bQuery VS Code Extension provides snippets and code completions for the bQuery ecosystem. Security concerns include: unsafe snippet content that could introduce vulnerabilities into generated code, extension host privilege escalation, and completions that guide users toward insecure patterns.
Security fixes are provided for the latest release of the bQuery VS Code Extension.
| Version | Supported |
|---|---|
| 0.x | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
Report them privately via one of the following:
- GitHub Security Advisories (preferred): open a private report via the "Report a vulnerability" workflow on this repository.
- Email: contact support@josunlp.de with the details below.
Please include:
- A description of the vulnerability and its potential impact.
- The affected extension version(s) and VS Code version.
- A minimal reproduction or step-by-step instructions.
- Any proof-of-concept or screenshots.
After you report, you can expect:
- Acknowledgement within 5 business days.
- Triage within 10 business days of acknowledgement.
- Fix and release — high-severity issues within 30 days of validation.
- Public advisory once a fix is available, with credit if you wish.
Thank you for helping make the bQuery VS Code Extension safer for everyone.