If you discover a security vulnerability in this repository, please report it responsibly by opening a private security advisory.
Please do not open a public issue for security vulnerabilities, as this could expose the vulnerability before a fix is available.
Thanks for helping keep this project safe for everyone.
All contributions must be made with verified commit signatures. This is a core security requirement that ensures:
- Authenticity of contributions
- Protection against unauthorized code injection
- Compliance with security best practices
Commit signing is mandatory for all pull requests. Contributors will be asked to update any unsigned commits before merge.
Learn more about commit signing:
We regularly update dependencies and monitor for known vulnerabilities. Contributors are encouraged to:
- Keep dependencies up to date
- Report any known vulnerabilities in dependencies
- Follow the Contributing Guidelines when submitting dependency updates
For security-related questions or concerns, contact github@stoelzle.me.