If you have a security concern or believe you have found a vulnerability in this project, please read out to the email in my GitHub profile.

I take supply chain security very seriously and have implemented measures to protect downstream users. This includes but is not limited to:

• Enabled Immutable Releases (from March 2026)
• Enabled Require actions to be pinned to a full-length commit SHA
• Enabled Secret Protection in all repositories
• Disabled Allow GitHub Actions to create and approve pull requests in all repositories
• Set default workflow permissions to read-only in all repositories
• Created a ruleset in all repositories requiring signed commits (from March 2026)