| Version | Supported |
|---|---|
| 0.1.x | Yes |

If you discover a security vulnerability in astrowidget, please report it responsibly. Do not open a public issue.

- Use GitHub's private vulnerability reporting
- Include a description of the vulnerability, steps to reproduce, and any potential impact
- You can expect an initial response within 7 days

We will work with you to understand the issue, develop a fix, and coordinate disclosure.

astrowidget is a client-side Jupyter widget that renders astronomical data in the browser using WebGL2. Security concerns most likely involve:

- Malicious data inputs (crafted FITS/zarr files)
- Cross-origin issues in the Jupyter rendering context
- Dependency vulnerabilities

We use Dependabot to monitor and update dependencies for known vulnerabilities.