Please report security vulnerabilities through GitHub private vulnerability reporting:

1. Go to the Security tab
2. Click Report a vulnerability
3. Fill out the form

We respond within 48 hours.

• Dependabot for dependency updates
• CodeQL for code scanning
• Secret scanning and push protection