# Security ## Supply chain security This project uses GitHub's dependabot to file automatic issues for dependency security updates. Maintainers will review and apply these updates as soon as possible. ## Reporting a security vulnerability If you believe you have found a security vulnerability in this project, please report it using the "Security" tab at the top of the repo. This project uses the GitHub security features to allow for confidential vulnerability reporting and fixes. Any security bugs will receive a CVE number and be tracked through the GitHub security feature.