If you discover a security vulnerability, please do not open a public issue.

Instead, use GitHub's private reporting feature to report it confidentially.

You should receive a response within 48 hours. If the issue is confirmed, we will release a patch as soon as possible.

• Always use environment variables for secrets
• Never commit .env files or credentials to version control
• Keep dependencies updated (Dependabot is enabled)