If you discover a security vulnerability in this action, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: dikshant-devops (via GitHub private vulnerability reporting)

Or use GitHub's built-in private vulnerability reporting:

1. Go to the Security tab
2. Click Report a vulnerability
3. Fill in the details

• Acknowledgement within 48 hours.
• A fix or mitigation plan within 7 days for critical issues.
• Credit in the release notes (unless you prefer to remain anonymous).

This policy covers:

• The GitHub Action code in this repository (src/, action.yml, Dockerfile).
• The Docker image built and published from this repository.
• GitHub Actions workflow files in .github/workflows/.

Out of scope:

• Vulnerabilities in upstream dependencies (PyGithub, Python, git) -- please report those to the respective projects.