| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue.
- Email the maintainer directly or use GitHub's private vulnerability reporting.
- Include a description of the vulnerability, steps to reproduce, and potential impact.
- You will receive a response within 48 hours acknowledging the report.
- All API keys and tokens are encrypted at rest (AES-256-GCM).
- Environment secrets are never committed to the repository.
- TradingView webhook ingestion validates source IPs.
- Dependency vulnerabilities are monitored via Renovate and
pnpm audit.