Security Policy Do not commit secrets. Use GitHub Secrets for CI and deployment. Report vulnerabilities via GitHub Issues (private if possible) or contact the maintainer. Dependencies are updated weekly via Dependabot.