If you discover a security vulnerability in this project, please report it responsibly.

Please do not open a public issue for security vulnerabilities.

Instead, please report them by opening a private security advisory on this repository.

You should expect an initial response within 72 hours. We will work with you to understand and address the issue before any public disclosure.

• Dependencies are monitored for known vulnerabilities via Dependabot.
• Pull requests require review before merging into the main branch.
• The main branch is the default and protected branch for this repository.