If you discover a security vulnerability, please report it privately.

• Use GitHub Security Advisories for this repository
• If advisories are unavailable, open a minimal issue with the "security" label and avoid sensitive details

We will acknowledge receipt and coordinate a fix timeline.