We take security seriously and will actively support and provide updates for the following versions of our JavaScript animation tool:

If you are using an unsupported version, we recommend upgrading to a supported version to ensure you receive security updates.

If you discover a security vulnerability, we would appreciate your help in disclosing it responsibly. Please follow these steps:

1. Do not open a public issue: Security issues should not be discussed publicly until they have been properly investigated and patched. Opening a public issue can expose users to potential risks.

2. Send an email: Report the vulnerability by sending an email to ilya@sheremetov.com. In your email, please include:

   • A description of the vulnerability.
   • Steps to reproduce the vulnerability.
   • The potential impact of the vulnerability.
   • Any other information that might help us understand and resolve the issue.

3. Acknowledgement: We will acknowledge your email within 72 hours and provide an estimate of when we expect to investigate and address the issue.

4. Resolution: We aim to address all security vulnerabilities promptly. Once a fix has been prepared, we will coordinate with you on the disclosure process to ensure that the vulnerability is fully resolved before any public announcement.

We will notify users about security updates via:

• GitHub Security Advisories (if applicable)
• Release notes on the repository's releases page
• Any other relevant channels where project announcements are made

To ensure the security of your installation:

• Keep your dependencies up to date: Regularly update dependencies to mitigate known vulnerabilities.
• Use strong credentials: Always use strong, unique passwords and protect your authentication credentials.
• Review third-party packages: If you add new dependencies, review them for known vulnerabilities using tools like npm audit or Snyk.

For any other security-related inquiries, please contact us at ilya@sheremetov.com.

Thank you for helping us keep our community safe!