To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

If you have found a security vulnerability, in order to keep it confidential, please do not report an issue on GitHub.

We do not award bounties for security vulnerabilities.