If you discover a security issue, please report it privately to the repository owner via GitHub private issues or email. Do not disclose publicly until a fix is available.
Maintainers should:
- Rotate affected keys immediately.
- Patch vulnerable code and release a new version.
- Notify affected users where appropriate.