We take security issues seriously. If you discover a security vulnerability, please report it responsibly.

Please do NOT open a public issue for security vulnerabilities.

Instead, please use GitHub Security Advisories to report vulnerabilities privately.

• Acknowledgment: We will acknowledge your report within 48 hours.
• Updates: We will provide updates on the progress of the fix.
• Disclosure: We will coordinate with you on the timing of public disclosure.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)