This repository is a reference template, not a deployed service. We patch dependency versions as Dependabot opens PRs and merge them after CI passes. There is no "supported version" matrix — when you copy this template into a real service, pin to the latest tag and accept Dependabot PRs there as well.

If you find a security issue in this template — in the wiring, in the example interceptors, in the demo script, or anywhere else — please open a private GitHub Security Advisory in this repository:

https://github.com/leozw/connect-dual-protocol-example/security/advisories/new

Do not open a public issue.

For vulnerabilities in the third-party libraries this template uses (connectrpc/*, bufbuild/protovalidate-go, open-telemetry/opentelemetry-go, bufbuild/buf, etc.), report upstream first — the relevant projects have their own published security policies.