Please report security vulnerabilities via GitHub's private vulnerability reporting feature on this repository:
- Open the Security tab.
- Click Report a vulnerability.
- Fill in the advisory form.
You will receive a response acknowledging the report within 7 days.
Do not file public issues for security vulnerabilities.
This policy covers the code in this repository. Vulnerabilities in upstream dependencies should be reported to the respective project.