This security policy outlines the expectations and procedures for reporting and resolving vulnerabilities in our GitHub repository. The security of our code is of utmost importance to us, and we appreciate the help of the community in identifying and reporting potential security vulnerabilities.

If you believe you have discovered a vulnerability in our repository, please report it to us immediately by opening a new issue on our GitHub repository. When reporting a vulnerability, please include as much detail as possible, including a clear description of the issue, steps to reproduce the vulnerability, and any relevant code snippets or screenshots.

We will acknowledge receipt of your vulnerability report within 24 hours, and we will work to triage the issue within five business days of receiving your report. We will provide regular updates on the status of the vulnerability and our progress in addressing it.

We will review the reported vulnerability and assess the potential impact to our codebase and systems. If the vulnerability is confirmed, we will determine the severity of the issue and prioritize it accordingly.

Once we have determined the severity of the vulnerability, we will work to address it as quickly as possible. We may contact you for additional information or assistance in reproducing the vulnerability, and we will keep you updated on our progress in fixing the issue.

Once the vulnerability has been fixed, we will publicly disclose the vulnerability and our response to it.

In some cases, we may determine that a reported vulnerability is not a security issue or does not pose a significant risk to our systems. If we decline to address a reported vulnerability, we will explain our decision and provide our rationale for not taking action.

We appreciate your assistance in helping to ensure the security of our codebase and systems. By working together, we can maintain a safe and secure environment for our users and customers.