khanij 1.1.0

Khanij — geology and mineralogy engine for crystal structures, rock cycles, soil, and mineral properties
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

# Security Policy

## Supported Versions

| Version | Supported |
|---------|-----------|
| 0.1.x   | Yes       |

## Reporting a Vulnerability

Please report security vulnerabilities through
[GitHub Security Advisories](https://github.com/MacCracken/khanij/security/advisories/new).

**Do not** open a public issue for security vulnerabilities.

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment

## Response Timeline

| Stage | Target |
|-------|--------|
| Acknowledgement | 48 hours |
| Initial assessment | 5 business days |
| Critical severity fix | 14 days |
| High severity fix | 30 days |
| Moderate/Low severity | Next scheduled release |

## Scope

This policy covers the `khanij` crate and its published API. Vulnerabilities in
upstream dependencies should be reported to the respective maintainers; we will
track and update our dependency pins as fixes become available.

Security concerns for this crate primarily involve:

- **Denial of service**: Inputs that cause excessive computation or memory usage
- **Numerical overflow**: Calculations that produce incorrect results silently
- **Dependency vulnerabilities**: Issues in upstream crates

We run `cargo audit` and `cargo deny` in CI to catch known dependency
vulnerabilities.

## Disclosure

We follow coordinated disclosure. Reporters will be credited in the release
notes unless they prefer to remain anonymous.