Please report security vulnerabilities privately.

• Preferred: Open a GitHub Security Advisory for this repository.
• Alternate: If advisories are unavailable, open a minimal public issue that does not include exploit details and note that you can share details privately.

We aim to respond within 7 business days.