Security fixes are applied to the default branch only.

Enable the following GitHub repository settings:

• Dependabot alerts
• Secret scanning
• Push protection
• Code scanning (CodeQL)

Please report security issues privately. Do not open a public issue.

Preferred reporting path:

• Open a private security advisory in GitHub for this repository.

Include as much detail as possible:

• Steps to reproduce
• Impact assessment
• Affected versions or commits
• Proof of concept (if available)

We will acknowledge receipt and provide a timeline for remediation once triaged.