Please do not report security vulnerabilities in public issues.
Use GitHub private vulnerability reporting for this repository:
Include:
- Impact summary
- Reproduction steps or proof of concept
- Affected versions/commit range
- Suggested remediation (if available)
This policy covers this repository's code and release artifacts. It does not cover upstream third-party services (for example, CELLAR endpoints).