If you discover a security vulnerability, please report it responsibly:
- Do not open a public issue.
- Email the maintainer or use GitHub's private vulnerability reporting feature.
- Include enough detail to reproduce and assess the issue.
We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within a reasonable timeframe.
This policy applies to the code in this repository and its submodules. Third-party dependencies should be reported to their respective maintainers.