If you discover a security vulnerability in iCare, please report it responsibly.

Do not open a public issue. Instead, please use GitHub's private vulnerability reporting to submit your report directly.

• A clear description of the vulnerability.
• Steps to reproduce the issue.
• The potential impact and any suggested mitigations.

• You will receive an acknowledgement within 7 days.
• We aim to provide a fix or mitigation plan within 30 days of confirmation.
• Once resolved, we will credit reporters in the release notes (unless you prefer to remain anonymous).

This repository has the following GitHub security features enabled:

• Dependabot alerts — monitors dependencies for known vulnerabilities.
• Dependabot security updates — automatically raises pull requests for vulnerable dependencies.
• Secret scanning — detects accidentally committed secrets.
• Secret scanning push protection — blocks pushes that contain secrets.

Thank you for helping keep iCare safe.