Security: astro-roro/Astro-Coverage-Planner

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you've found a security vulnerability in Astro-Coverage-Planner, please report it privately — don't open a public GitHub issue. A public issue would broadcast the vulnerability to anyone watching the repo before a fix exists.

Use GitHub's Private Vulnerability Reporting:

  1. Go to the Security tab of this repository.
  2. Click "Report a vulnerability".
  3. Fill in the form — the report is visible only to me as the maintainer.

What to include:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce (a minimal example is ideal).
  • Any suggested mitigations or fixes if you have them.
  • Whether you'd like public credit when the fix is released.

I'll aim to acknowledge receipt within a few days and to release a fix as soon as it's practical. Once a patch is available, the vulnerability is summarised in a public Security Advisory on the repo (with credit to the reporter where appropriate).

For non-security bugs, a regular GitHub issue is the right place.

There aren't any published security advisories