Security fixes are applied to the latest state of the default branch.

Please do not open a public GitHub issue for security reports.

Use GitHub's private vulnerability reporting for this repository if it is enabled. If it is not available, contact the maintainer privately through the repository owner's GitHub profile.

Include:

• a clear description of the issue
• steps to reproduce it
• impact and affected routes or files
• any suggested mitigation if you already have one

You should receive an acknowledgement after the report is reviewed.