Security issues are considered top priority and fixed as soon as possible.

You are encouraged to write tests for your application and update your version of this package frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and security fixes.

Two latest major versions of the package are subject to security updates.

We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

Please try to be as explicit as possible, describing all the steps and example code to reproduce the security issue.

Project maintainers will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining the module.

Please restrain from publicly discussing a potential security vulnerability.

It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.