v0.1.0 receives security review once released. Before v0.1.0, unreleased main receives maintainer review for reported vulnerabilities.

Report vulnerabilities through GitHub Private Security Advisories for this repository. Use the repository Security tab and its private vulnerability reporting flow.

Do not disclose vulnerabilities publicly before maintainer coordination is complete.

Repository administrators must enable GitHub private vulnerability reporting outside this implementation when the repository is ready for public reporting.