From 69489aa384c9f82a4a57f98236959aeec03e01f0 Mon Sep 17 00:00:00 2001
From: Bjorn Lu <bjornlu.dev@gmail.com>
Date: Thu, 28 May 2026 11:00:07 +0800
Subject: [PATCH] Add SECURITY.md

---
 SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..888f3e7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+The latest major version of the project is supported with security updates. Previous major versions will also receive security updates for 12 months after the release of their respective next major versions.
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please open a private vulnerability report at the respective repository's security page, e.g. https://github.com/changesets/changesets/security. Please do not report upstream vulnerabilities unless the code is bundled in the package.
+
+A maintainer will respond to your report as soon as possible. Please do not open a public issue for security vulnerabilities.
+
+Thanks for helping us keep our project secure!