
Update supported version in SECURITY.md to 0.x.x#27

Merged
peteski22 merged 3 commits into main from update-security-supported-version on Feb 24, 2026
Conversation


@peteski22 peteski22 commented Feb 20, 2026

Summary

  • Updates the supported version pattern in SECURITY.md from 0.0.x to 0.x.x to reflect the latest release (v0.1.0).

Test plan

  • Verified latest release is v0.1.0, which is beyond the 0.0.x range
  • Review the SECURITY.md change

Summary by CodeRabbit

  • Documentation
    • Updated the security support policy to reflect the new supported version entry and mark the older series as unsupported.
    • Replaced references to the Python SDK with the JavaScript SDK across the policy and scope examples.
    • Removed the public issue notification from the vulnerability reporting section.
    • Expanded the reporting form to include optional proof-of-concept and reporter contact information and adjusted repository links.

The latest release is v0.1.0, so the supported version pattern
should be 0.x.x instead of 0.0.x.

coderabbitai bot commented Feb 20, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7afaead and 91e594c.

📒 Files selected for processing (1)
  • SECURITY.md

Walkthrough

SECURITY.md was updated to rename repository references to mcpd-sdk-javascript, change supported version entries (0.0.x → 0.1.x supported; 0.0.x not supported), modify reporting form fields, remove public GitHub issue notification, and update scope examples and links for the JavaScript repo (≤50 words).

Changes

Cohort / File(s): Security Documentation (SECURITY.md)
Summary: Replaced mcpd-sdk-python references with mcpd-sdk-javascript; updated Supported Versions table (0.1.x marked supported, 0.0.x not supported); removed public GitHub issue notification; expanded reporting form to include Proof of Concept and Contact Information; updated scope examples and repository links.

Suggested reviewers

  • agpituk
🚥 Pre-merge checks: 3 passed

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title clearly and specifically describes the main change: updating the supported version pattern in SECURITY.md from 0.0.x to 0.x.x.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
SECURITY.md (2)

19-19: ⚠️ Potential issue | 🟡 Minor

Duplicate ## Reporting a Vulnerability section heading.

The heading at Line 19 is identical to the one at Line 3. This creates two anchors with the same name, which breaks in-page linking (most Markdown renderers will suffix the second with -1, silently breaking any direct links). The second heading appears to be a structural mistake — the content beneath it (the email address and reporting instructions) logically belongs under the first heading.

✏️ Proposed fix — remove the duplicate heading
-## Reporting a Vulnerability
-
 **Please DO NOT open a public GitHub issue.**
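Review bot: dropping only the two heading lines leaves the bold "do not open a public issue" line and the contact instructions in place mid-file rather than under the first `## Reporting a Vulnerability` heading at line 3, which is where the comment says they belong; the fix should move that block up (or fold it into the first section) and, because renderers will have been exposing the repeat as `#reporting-a-vulnerability-1`, check that no in-page or external link points at that suffixed anchor before it disappears.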
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@SECURITY.md` at line 19, remove the duplicated "## Reporting a Vulnerability"
heading (the second occurrence shown in the diff) and attach the email address
and reporting instructions currently under that second heading to the original
"## Reporting a Vulnerability" section at the top, ensuring there is only one
heading and all related content lives beneath it so in-page anchors remain
unique.

7-7: ⚠️ Potential issue | 🟡 Minor

Wrong SDK name — this repository is mcpd-sdk-javascript, not mcpd-sdk-python.

Line 7 (and also Lines 27 and 50) all reference mcpd-sdk-python. This appears to be a copy-paste from the Python SDK's security policy that was never updated. In a security disclosure document, incorrect project names can cause reporters to contact the wrong team or reference the wrong repository.

✏️ Proposed fix for all three occurrences
-This document outlines the process for reporting vulnerabilities in `mcpd-sdk-python`.
+This document outlines the process for reporting vulnerabilities in `mcpd-sdk-javascript`.
-1.  **Project Name and Version:** Specify which project (`mozilla-ai/mcpd-sdk-python`) and which version(s) are affected.
+1.  **Project Name and Version:** Specify which project (`mozilla-ai/mcpd-sdk-javascript`) and which version(s) are affected.
-This security policy applies to all components of [mcpd](https://github.com/mozilla-ai/mcpd) (for example, this repository: [mcpd-sdk-python](https://github.com/mozilla-ai/mcpd-sdk-python)).
+This security policy applies to all components of [mcpd](https://github.com/mozilla-ai/mcpd) (for example, this repository: [mcpd-sdk-javascript](https://github.com/mozilla-ai/mcpd-sdk-javascript)).
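Review bot: the three replacements cover the occurrences at lines 7, 27 and 50 only; since the stale name came from a copy-paste of the Python SDK policy, search the whole file (link text, link targets and any advisory or contact URLs) for `mcpd-sdk-python` before merging so none survive, and confirm the new link `https://github.com/mozilla-ai/mcpd-sdk-javascript` resolves to this repository, since reporters will follow it to file a disclosure.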
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@SECURITY.md` at line 7, replace all incorrect references to "mcpd-sdk-python"
in SECURITY.md with the correct repository name "mcpd-sdk-javascript"
(occurrences noted around the current lines that mention the SDK name). Update
each mention (the ones at the top, middle, and bottom of the file) so the
security policy consistently references mcpd-sdk-javascript and any related
context strings are adjusted to match the JavaScript SDK naming.
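A small pre-merge check for the two findings in the review above (duplicate headings that collide on one anchor, and stale repository names), added here as an example; it is not code from the PR or from the mcpd-sdk-javascript project, and the GitHub slug rule, the helper names and the sample policy text are assumptions.

```javascript
// Added example (not code from the PR or the mcpd-sdk-javascript project): a pre-merge
// lint for SECURITY.md that catches the two review findings above: duplicate headings
// (which collide on one GitHub anchor) and leftover references to the old repository name.
function slugify(headingText) {
  // Assumed GitHub-style slug: lowercase, strip punctuation, whitespace to hyphens.
  return headingText.trim().toLowerCase().replace(/[^\w\s-]/g, "").replace(/\s+/g, "-");
}

// Scans markdown and reports duplicate headings and stale project-name references.
function lintSecurityPolicy(markdown, wrongName, rightName) {
  const seen = new Map(); // slug -> { firstLine, count }
  const duplicateHeadings = [];
  const staleReferences = [];
  markdown.split("\n").forEach((line, idx) => {
    const lineNo = idx + 1;
    const heading = /^#{1,6}\s+(.+?)\s*$/.exec(line);
    if (heading) {
      const slug = slugify(heading[1]);
      const prior = seen.get(slug);
      if (prior) {
        // Renderers disambiguate the repeat as "<slug>-<n>", so a link to
        // "#<slug>" silently resolves to the first heading only.
        prior.count += 1;
        duplicateHeadings.push({ line: lineNo, firstLine: prior.firstLine, anchor: `${slug}-${prior.count}` });
      } else {
        seen.set(slug, { firstLine: lineNo, count: 0 });
      }
    }
    if (line.includes(wrongName)) {
      staleReferences.push({ line: lineNo, fix: line.split(wrongName).join(rightName) });
    }
  });
  return { ok: duplicateHeadings.length === 0 && staleReferences.length === 0, duplicateHeadings, staleReferences };
}

// Constructed sample policy reproducing both problems (the contact is a placeholder, not a real address).
const SAMPLE_POLICY = [
  "# Security Policy",
  "## Reporting a Vulnerability",
  "This document outlines the process for reporting vulnerabilities in `mcpd-sdk-python`.",
  "## Supported Versions",
  "| Version | Supported |",
  "| 0.1.x   | yes       |",
  "| 0.0.x   | no        |",
  "## Reporting a Vulnerability",
  "Email <security contact placeholder> with the details listed above.",
].join("\n");

console.log(JSON.stringify(lintSecurityPolicy(SAMPLE_POLICY, "mcpd-sdk-python", "mcpd-sdk-javascript"), null, 2));
```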

Using 0.x.x implied backporting security fixes to all minor versions.
Scope to just the current minor series (0.1.x) and explicitly mark
0.0.x as unsupported.
@peteski22 peteski22 requested a review from agpituk February 23, 2026 08:47
Replace mcpd-sdk-python references with mcpd-sdk-javascript and remove
the duplicate "Reporting a Vulnerability" heading.
@peteski22 peteski22 merged commit 221f381 into main Feb 24, 2026
2 of 3 checks passed
@peteski22 peteski22 deleted the update-security-supported-version branch February 24, 2026 10:10