We provide security updates for the following versions:

| Version | Supported |
|---|---|
| latest | ✅ |

If you discover a security vulnerability in this GitHub Action, please report it responsibly:
- Do not open a public issue
- Send an email to contact@quantecon.org with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

We will acknowledge your email within 48 hours and provide a detailed response within 1 week indicating the next steps in handling your report.

When using this action:
- Always pin to a specific version or SHA rather than using `@main`
- Regularly update to the latest version
- Review the action's permissions and inputs
- Use secrets appropriately and never log sensitive information

We follow responsible disclosure practices and will:
- Acknowledge the vulnerability report
- Work on a fix
- Release the fix
- Publicly acknowledge the reporter (if desired)

Thank you for helping keep QuantEcon's GitHub Actions secure!