Only the latest published version of each package receives security fixes.

Please do not report security vulnerabilities through public GitHub issues.

Use GitHub's private vulnerability reporting to submit a report. You can expect an acknowledgement within 48 hours and a resolution timeline within 7 days for critical issues.

Please include:

• A description of the vulnerability and its potential impact
• Steps to reproduce or a proof-of-concept
• Affected package(s) and version(s)
• Any suggested mitigation

We will credit reporters in release notes unless you prefer to remain anonymous.