Please do not open a public issue for security vulnerabilities.
Report them privately through GitHub's private vulnerability reporting:
- Go to the Security tab of this repository.
- Click Report a vulnerability.
- Fill out the advisory form with as much detail as you can — the affected version, reproduction steps, and the impact.
You'll get a response as soon as possible, and we'll coordinate a fix and disclosure with you privately before anything is made public.
This project is pre-1.0 and under active development. Security fixes land on the latest released version. Until it reaches 1.0, pin to a known-good version and watch releases.