Keeping software secure can be a f*cking headache. While this CLI tool might look like a simple automating tool, it ships to production with access to filesystem read and write, environment variable access, networking access, command execution access, and system information access, so security is actually important.
If you find a security vulnerability, you should do one of the following:
- If you simply found what can be considered a SECURITY issue, contact us privately, through Discord or e-mail. We'll work on a patch and release it as soon as possible.
- If you found an issue AND you know how and want to fix it yourself - first, thank you! - and second, contact us with the fix rather than making a public fork and a public PR. Security issues must be kept secret to avoid exploiting. You will be acknowledged as a contributor for your help, don't worry.
This section is here for redundancy, as this isn't some large-scale project with "v20" and "v19" being both supported. As soon as v3 comes out, v2 drops support. The latest major (as we use SemVer) defines whether a version is supported or not. Period.