If you discover a security vulnerability, please report it responsibly.
Do not open a public issue.
Instead, use GitHub's private vulnerability reporting to submit your report.
You should receive a response within 48 hours. We'll work with you to understand the issue and coordinate a fix before any public disclosure.