If you discover a security issue, please report it privately so we can address it before a public disclosure.
Preferred channel:
- Use GitHub Security Advisories for this repository to open a private report.
If you cannot use Security Advisories:
- Open a GitHub issue with minimal details and mark it as security-sensitive.
We aim to acknowledge reports within 3 business days and provide a remediation plan or fix as soon as possible.