Please do not report security vulnerabilities through public GitHub issues.

To report a security vulnerability, please open a GitHub Security Advisory or contact the maintainer directly via GitHub with:

• A description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggested mitigations (optional)

You should receive a response within 48 hours. If you do not, please follow up to ensure the original message was received.

After the initial reply, the security team will keep you informed about the progress toward a fix and a full announcement. We may ask for additional information or guidance.

Once a vulnerability is confirmed and a fix is ready, we will:

1. Prepare a fix and release it as quickly as possible.
2. Notify you so you can update as soon as the patch is available.
3. Publish a security advisory in this repository.