If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Instead, email the maintainer or use GitHub's private vulnerability reporting
3. Include a description of the vulnerability, steps to reproduce, and any potential impact

You can expect an initial response within 48 hours and a resolution timeline within 7 days.

This policy applies to the GraphQL CLNT VS Code extension codebase. Third-party dependencies are managed via npm and updated regularly.