If you discover a security vulnerability within this project, please report it by emailing [email protected] or by opening a private security advisory on GitHub. Do not create a public issue for security vulnerabilities.

We will respond as quickly as possible to your report and will work with you to address the issue promptly. We take security seriously and appreciate your efforts to responsibly disclose vulnerabilities.

We generally maintain support for the current and previous major versions of this package. If a version is no longer supported, it will be clearly noted in the CHANGELOG.md.

• Do not post details of the security issue in public repositories or issue trackers.
• Include as much information in your report as possible to help us reproduce and resolve the issue.
• We may request additional information or a proof‑of‑concept to verify and fix the vulnerability.