deal-with-security-advisory
SKILL.md
Security Vulnerability Response Instructions
⚠️ CRITICAL: This is a security vulnerability. Everything about this process is confidential until the advisory is published. Do not mention the vulnerability details in any public commit message, PR title, branch name, or comment. Do not push anything to a public branch. Do not discuss specifics in any public channel. Assume anything on the public repo is visible to attackers who will exploit the window between disclosure and user upgrades.
Context
A security vulnerability has been reported via GitHub Security Advisory:
- Advisory: {{ghsaId}} (e.g. GHSA-x8hx-rhr2-9rf7)
- Reporter: {{reporterHandle}}
- Severity: {{severity}}
- Notes: {{notes}}
Step 0: Fetch the Advisory Details