Security: arechste/.github

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

  1. Do not open a public issue
  2. Email the maintainer or use GitHub's private vulnerability reporting (if enabled)
  3. Include steps to reproduce and potential impact

Response

  • Acknowledgment within 48 hours
  • Fix or mitigation within 7 days for critical issues
  • Credit given to the reporter (unless they prefer anonymity)

Scope

  • Code in this repository
  • Dependencies managed by this project
  • CI/CD pipeline configurations

Out of Scope

  • Issues in upstream dependencies (report to the upstream project)
  • Social engineering attacks
  • Denial of service attacks

There aren’t any published security advisories