Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report them privately through GitHub's built-in vulnerability reporting:

1. Go to the Security tab of this repository.
2. Click Report a vulnerability.
3. Fill in the advisory form with as much detail as possible — affected package(s) and version(s), reproduction steps, and the potential impact.

We'll acknowledge your report, investigate, and keep you updated on the fix and disclosure timeline. Once a fix is released, we're happy to credit you in the advisory if you'd like.

Security fixes are released for the latest published version of each @senderkit/* package. Please upgrade to the latest version before reporting an issue you can't reproduce on a current release.