Please do not open public issues for security vulnerabilities.
Email the maintainer or use GitHub private vulnerability reporting if it is enabled for this repository. Include:
- A clear description of the vulnerability
- Steps to reproduce
- Affected routes, packages, or files
- Any proof of concept that helps verify the issue
We will acknowledge valid reports as soon as possible and prioritize fixes based on severity and exploitability.
This repository uses Dependabot for npm and GitHub Actions updates. Maintainers should review security update PRs before feature PRs.