If you discover a vulnerability, please contact a maintainer directly. Avoid creating an issue or starting a discussion. If you're able to identify the vulnerability, you may also be able to submit a pull request. We encourage you to do so. We will merge your fix and publish it as soon as possible to all package registries.