The main branch is the supported development line. Tagged releases, when available, are supported until they are superseded by a newer release.
Please do not report security vulnerabilities through public GitHub issues.
Use GitHub's private vulnerability reporting or security advisory flow for this repository when available:
If private reporting is unavailable, contact the project maintainers through a private channel listed by the Dependable Intelligent Systems Lab or the repository organization.
- Affected version, commit, or branch.
- A minimal reproduction or proof of concept.
- Expected impact and affected environment.
- Whether the issue involves package code, notebooks, workflows, dependencies, or dataset contents.
Security reports may include vulnerabilities in package code, project automation, dependency handling, or unsafe handling of dataset contents. Data licensing issues, privacy concerns, or accidental inclusion of sensitive data should also be reported privately first.
We aim to acknowledge reports promptly and coordinate a fix before public disclosure when the issue is valid.