Replace SECURITY.md with unified security policy

[Copilot]

Replaced the existing project-specific security documentation with a concise, standardized policy that emphasizes GitHub's private vulnerability reporting feature.

Changes

• Reorganized sections: Moved vulnerability reporting first, highlighting private GitHub reporting as the recommended method
• Generalized security best practices: Removed webhook/Redis-specific guidance (HMAC verification, deduplication, etc.) in favor of universal practices
• Updated supported versions: Changed from 1.0.x to 1.x and explicitly listed unsupported versions (< 1.0)
• Simplified recognition section: Consolidated verbose acknowledgment details into three concise bullet points

The new policy reduces content from 99 to 67 lines while improving scannability and maintaining all essential information.

Original prompt

Update SECURITY.md

Replace the current SECURITY.md file with the new concise, unified security policy.

New SECURITY.md Content

# 🔒 Security Policy

## 🚨 Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability, please report it responsibly: 

### Private Vulnerability Reporting (Recommended)

This repository has **private vulnerability reporting** enabled.  You can securely report vulnerabilities directly through GitHub: 

1. Navigate to the [**Security**](../../security) tab
2. Click [**Advisories**](../../security/advisories)
3. Click **"Report a vulnerability"** button
4. Fill out the vulnerability details

This allows us to discuss and fix the issue privately before any public disclosure. 

### Email Reporting

Alternatively, you can email us at **[security@wgtechlabs.com](mailto:security@wgtechlabs.com)**

**Please do NOT report security vulnerabilities through public GitHub issues.**

### What to Include

- Clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Your environment details (Node.js version, OS, etc.)

### Response Timeline

- **Initial Response**: Within 48 hours
- **Status Updates**: Every 3-5 business days
- **Resolution**: Critical issues resolved within 7 days

## 🛡️ Supported Versions

We provide security updates for the following versions.  If you're using an unsupported version, please upgrade to receive security patches. 

| Version | Supported          |
| ------- | ------------------ |
| 1.x     | ✅ Yes             |
| < 1.0   | ❌ No              |

## 🔐 Security Best Practices

When contributing or deploying:  

- ✅ Never commit secrets, API keys, or credentials
- ✅ Always use environment variables for sensitive data
- ✅ Keep dependencies updated
- ✅ Use HTTPS/TLS for all endpoints
- ✅ Enable security scanning (Dependabot, CodeQL)

## 🏆 Recognition

While we don't offer monetary rewards, we deeply value security researchers and provide:  

- Public acknowledgment in security advisories (with permission)
- Recognition in our security contributors hall of fame
- Professional references for your security work

Thank you for helping keep our projects secure!  🙏

---

🔐 with ❤️ by [Waren Gonzaga](https://warengonzaga.com) under [WG Technology Labs](https://wgtechlabs.com) and [Him](https://www.youtube.com/watch?v=HHrxS4diLew&t=44s) 🙏

Requirements

• Replace the entire content of SECURITY.md with the above content
• Maintain proper markdown formatting
• Keep the file at the root directory

This pull request was created as a result of the following prompt from Copilot chat.

Update SECURITY.md

Replace the current SECURITY.md file with the new concise, unified security policy.

New SECURITY.md Content

# 🔒 Security Policy

## 🚨 Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability, please report it responsibly: 

### Private Vulnerability Reporting (Recommended)

This repository has **private vulnerability reporting** enabled.  You can securely report vulnerabilities directly through GitHub: 

1. Navigate to the [**Security**](../../security) tab
2. Click [**Advisories**](../../security/advisories)
3. Click **"Report a vulnerability"** button
4. Fill out the vulnerability details

This allows us to discuss and fix the issue privately before any public disclosure. 

### Email Reporting

Alternatively, you can email us at **[security@wgtechlabs.com](mailto:security@wgtechlabs.com)**

**Please do NOT report security vulnerabilities through public GitHub issues.**

### What to Include

- Clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Your environment details (Node.js version, OS, etc.)

### Response Timeline

- **Initial Response**: Within 48 hours
- **Status Updates**: Every 3-5 business days
- **Resolution**: Critical issues resolved within 7 days

## 🛡️ Supported Versions

We provide security updates for the following versions.  If you're using an unsupported version, please upgrade to receive security patches. 

| Version | Supported          |
| ------- | ------------------ |
| 1.x     | ✅ Yes             |
| < 1.0   | ❌ No              |

## 🔐 Security Best Practices

When contributing or deploying:  

- ✅ Never commit secrets, API keys, or credentials
- ✅ Always use environment variables for sensitive data
- ✅ Keep dependencies updated
- ✅ Use HTTPS/TLS for all endpoints
- ✅ Enable security scanning (Dependabot, CodeQL)

## 🏆 Recognition

While we don't offer monetary rewards, we deeply value security researchers and provide:  

- Public acknowledgment in security advisories (with permission)
- Recognition in our security contributors hall of fame
- Professional references for your security work

Thank you for helping keep our projects secure!  🙏

---

🔐 with ❤️ by [Waren Gonzaga](https://warengonzaga.com) under [WG Technology Labs](https://wgtechlabs.com) and [Him](https://www.youtube.com/watch?v=HHrxS4diLew&t=44s) 🙏

Requirements

• Replace the entire content of SECURITY.md with the above content
• Maintain proper markdown formatting
• Keep the file at the root directory

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

🔥 Container Build Complete - Patch Build

Build Status: ✅ Success
Flow Type: patch
Description: Hotfix for production

---

📦 Pull Image

Docker Hub: docker pull wgtechlabs/unthread-webhook-server:patch-b81b0b0

GHCR: docker pull ghcr.io/wgtechlabs/unthread-webhook-server:patch-b81b0b0

---

📋 Build Details

Property	Value
Flow Type	patch
Commit	3900969
Registry	Docker Hub + GHCR

🏷️ Image Tags

• wgtechlabs/unthread-webhook-server:patch-b81b0b0
• ghcr.io/wgtechlabs/unthread-webhook-server:patch-b81b0b0

---

🔍 Testing Your Changes

1. Pull the image using one of the commands above
2. Run the container with your test configuration
3. Verify the changes work as expected
4. Report any issues in this PR

---

🚀 Quick Start

# Pull and run the container
Docker Hub: docker pull wgtechlabs/unthread-webhook-server:patch-b81b0b0
docker run <your-options> <image>

---

_{🤖 Powered by Container Build Flow Action
💻 with ❤️ by Waren Gonzaga under WG Technology Labs, and Him 🙏}

[Copilot]

Pull request overview

This pull request replaces the project-specific SECURITY.md with a generalized, unified security policy template. The update reorganizes the document to emphasize GitHub's private vulnerability reporting, removes webhook server-specific security guidance, and simplifies the overall structure from 99 to 67 lines.

Key Changes

• Relocated vulnerability reporting section to the top with emphasis on GitHub's private reporting feature
• Removed project-specific security considerations (HMAC verification, Redis security, webhook-specific guidance)
• Updated supported version notation from 1.0.x to 1.x

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.