Do not open a public GitHub issue for security vulnerabilities.

Please use GitHub's private vulnerability reporting: 👉 Report a vulnerability

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if known)

You will receive a response within 72 hours. If confirmed, a fix will be released within 7 days for critical issues.

This repository enforces:

• No direct commits to main (PRs required)
• Required code owner review on all PRs
• Signed commits required
• Secret scanning enabled (blocks accidental credential commits)
• Dependabot alerts and automated security updates enabled
• All PRs must use squash merge with linear history