Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Active development happens on main.

Reporting a Vulnerability

Please report vulnerabilities privately via GitHub Security Advisories:

Security tab → Advisories → Report a vulnerability

Do not open public issues for active vulnerabilities.

Security Baseline Enforced

Branch protection on main
Required PR reviews + status checks
Force-push/deletion disabled on protected branch
CodeQL analysis enabled
Dependency review on PRs
Dependabot updates for pip + GitHub Actions
Commit signature requirement on protected branch

There aren't any published security advisories