Do not open a public GitHub issue for security vulnerabilities.

Report privately via GitHub Security Advisories: Repository → Security → Advisories → Report a vulnerability

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

You will receive a response within 7 days.

Dependencies are kept up to date automatically via Renovate and Dependabot. See docs/guides/updating-dependencies.md.