Security researchers frequently report CSV formula injection as a security vulnerability in Wagtail, but that's the responsibility of the software consuming the CSV, not creating it. Hopefully this explanation will stop them from doing that (or at least give us a ready-made response to point at when they do).
* Update references to `master` branch to say `main`
* Update external links
* Update links in old release notes
Use tagged versions of code rather than current code
