Security updates are applied to the default branch (main) of this repository. There are no separate release branches for the static site.

If you believe you have found a security vulnerability (e.g. in our build pipeline, dependencies, or published site behavior), please do not open a public issue with exploit details.

Preferred: use GitHub Security Advisories for this repository to report privately.

Include:

• A short description of the issue and its impact
• Steps to reproduce (if safe to share)
• Any suggested fix or mitigation (optional)

We will acknowledge receipt as soon as we can and coordinate a fix and disclosure timeline with you.

In scope: the repository, its CI/CD configuration, and the public site as deployed from this project. Out of scope: third-party services unless the issue stems from our integration code in this repo.