Version support always extends only to the current MINOR version number (the second number under semantic versioning, following the pattern MAJOR.MINOR.PATH). There are no plans for any breaking changes to the API moving forward, only feature additions, so it seems a reasonable expectation for a dependant of this package to be able to upgrade with no problems.
Should any vulnerabilities ever be discovered, please contact me directly by email at [email protected]. Depending on the severity, a fix should be made available within one week. While the vulnerabilities possible are expected to be exceptionally minor, given the capabilities of this project, acknowledgement of the vulnerability reporter will be added to either the main README of the project, or an ACKNOWLEDGEMENTS page in the project.