⚠️ Please do not file public GitHub issues for security vulnerabilities as they are open for everyone to see! ⚠️

We encourage responsible disclosure practices for security vulnerabilities.

If you believe you've found a security-related bug, fill out a new vulnerability report via GitHub directly. To do so, follow these instructions:

1. Click on the Security tab in the project repository.
2. Click the green Report a vulnerability button at the top right corner.
3. Fill in the form as accurately as you can, including as many details as possible.
4. Click the green Submit report button at the bottom.

If you prefer to, you may also report a security vulnerability through the Tidelift security contact. Tidelift will coordinate the fix and disclosure. This is not the maintainers' first preference, though. Please, use the GitHub's vulnerability reporting option, whenever possible.