Please do not open a public GitHub issue for security vulnerabilities.

Report them with GitHub private vulnerability reporting: Report a vulnerability

We will review reports and respond as soon as practical. Once confirmed, we will:

1. Work on a fix
2. Publish a patched release
3. Share a security advisory when appropriate