krose
diff --git a/‎CODE_OF_CONDUCT.html‎
Lines changed: 1 addition & 1 deletion b/‎CODE_OF_CONDUCT.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CONTRIBUTING.html‎
Lines changed: 1 addition & 1 deletion b/‎CONTRIBUTING.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎LICENSE.html‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎RELEASE_CHECKLIST.html‎
Lines changed: 3 additions & 2 deletions b/‎RELEASE_CHECKLIST.html‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎RELEASE_CHECKLIST.md‎
Lines changed: 4 additions & 1 deletion b/‎RELEASE_CHECKLIST.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎SECURITY.html‎
Lines changed: 80 additions & 0 deletions b/‎SECURITY.html‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 26 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎articles/architecture.html‎
Lines changed: 1 addition & 1 deletion b/‎articles/architecture.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/da-price-spread-vignette.html‎
Lines changed: 3 additions & 3 deletions b/‎articles/da-price-spread-vignette.html‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/da-price-spread-vignette.md‎
Lines changed: 2 additions & 2 deletions b/‎articles/da-price-spread-vignette.md‎
Lines changed: 2 additions & 2 deletions
@@ -44,7 +44,10 @@ unexpected errors
 
 Run `devtools::test()` — all tests pass, no unexpected skips
 
-`devtools::test_coverage()` — no significant test coverage regression
+Run `devtools::test_coverage()` — no significant test coverage
+regression
+
+Run `semgrep ci` in CLI — to check security vulnerabilities
 
 ## 4. R CMD CHECK
 
 
@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest stable release receives security patches.
+
+## Reporting a Vulnerability
+
+Please **do not** open a public GitHub issue for security
+vulnerabilities.
+
+Use [GitHub’s private vulnerability
+reporting](https://github.com/krose/entsoeapi/security/advisories/new)
+to report issues confidentially.
+
+We aim to acknowledge reports within **7 days** and release a patch
+within **90 days**, depending on severity.
+
+## Scope
+
+In scope: - Leakage or improper handling of the `ENTSOE_PAT` API token -
+Unsafe processing of API responses (XML/JSON parsing) - Vulnerable
+transitive dependencies
+
+Out of scope: - Vulnerabilities in the ENTSO-E API itself - Issues
+requiring a compromised R environment
@@ -62,7 +62,7 @@ da_prices <- energy_prices(
 #> ── API call ────────────────────────────────────────────────────────────────────────────────────────────────────────────
 #> → https://web-api.tp.entsoe.eu/api?documentType=A44&in_Domain=10YPL-AREA-----S&out_Domain=10YPL-AREA-----S&periodStart=202512312300&periodEnd=202601072300&contract_MarketAgreement.type=A01&securityToken=<...>
 #> <- HTTP/2 200 
-#> <- date: Wed, 08 Apr 2026 13:16:12 GMT
+#> <- date: Mon, 13 Apr 2026 08:13:35 GMT
 #> <- content-type: text/xml
 #> <- content-disposition: inline; filename="Energy_Prices_202512312300-202601072300.xml"
 #> <- x-content-type-options: nosniff
@@ -92,7 +92,7 @@ glimpse(da_prices)
 #> $ ts_auction_type_def        <chr> "Implicit", "Implicit", "Implicit", "Implicit", "Implicit", "Implicit", "Implicit",…
 #> $ ts_business_type           <chr> "A62", "A62", "A62", "A62", "A62", "A62", "A62", "A62", "A62", "A62", "A62", "A62",…
 #> $ ts_business_type_def       <chr> "Spot price", "Spot price", "Spot price", "Spot price", "Spot price", "Spot price",…
-#> $ created_date_time          <dttm> 2026-04-08 13:16:12, 2026-04-08 13:16:12, 2026-04-08 13:16:12, 2026-04-08 13:16:12…
+#> $ created_date_time          <dttm> 2026-04-13 08:13:35, 2026-04-13 08:13:35, 2026-04-13 08:13:35, 2026-04-13 08:13:35…
 #> $ revision_number            <dbl> 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,…
 #> $ ts_resolution              <chr> "PT15M", "PT15M", "PT15M", "PT15M", "PT15M", "PT15M", "PT15M", "PT15M", "PT15M", "P…
 #> $ ts_time_interval_start     <dttm> 2025-12-31 23:00:00, 2025-12-31 23:00:00, 2025-12-31 23:00:00, 2025-12-31 23:00:00…