Please report security vulnerabilities privately via email to me@dohwi.com. Do not open a public issue.

• Go dependencies are monitored weekly via Dependabot
• CI runs govulncheck on every push and PR
• CodeQL analysis runs on push, PR, and weekly schedule