Do not file public issues for suspected vulnerabilities.
Instead, report them privately to the maintainers at codelabdavis@gmail.com with:
- a short summary
- affected paths or commands
- reproduction steps
- impact assessment
- any proposed remediation if available

We will acknowledge receipt, investigate, and coordinate disclosure once a fix or mitigation is ready.

This repository uses GitHub-native security automation where configured, starting with Dependabot and repository policy docs. Maintainers should also enable repository-level secret scanning and branch protection as documented in docs/maintainers.md.