🦠 fix(security): use absolute URL in SECURITY.md for Scorecard

[UniquePixels]

Summary

OpenSSF Scorecard gives a 4/10 on Security-Policy with "no linked content found", despite SECURITY.md linking to GitHub's private vulnerability reporter.

Root Cause

The link on SECURITY.md line 5 uses a relative path:

[report it privately](/../../security/advisories/new)

Scorecard's link checker doesn't resolve relative GitHub paths — it needs a full URL to detect linked content.

Fix

Replace with the absolute URL:

[report it privately](https://github.com/UniquePixels/unicorn/security/advisories/new)

This should bring the Security-Policy score from 4 to 10.

[coderabbitai]

Coding Plan

Summary

• Single-line fix in SECURITY.md converting a relative GitHub path to an absolute URL
• Change enables OpenSSF Scorecard to properly detect and validate the security advisories link
• No functional change to the user experience when viewing the file on GitHub

Implementation Steps

Update Security Advisory Link

Replace the relative URL with an absolute URL in SECURITY.md to ensure external link checkers can properly validate the security reporting link.

Convert Relative URL to Absolute URL

Update the vulnerability reporting link to use a fully qualified URL that external tools can resolve.

• Modify SECURITY.md line 5 to replace the relative path /../../security/advisories/new with the absolute URL https://github.com/UniquePixels/unicorn/security/advisories/new
• Preserve the existing link text "report it privately" and surrounding sentence structure
• No other changes needed to the file

🤖 Prompt for AI agents

Update `SECURITY.md` to replace a relative URL with an absolute URL so that
external tools like OpenSSF Scorecard can properly resolve the link.

- In `SECURITY.md` at line 5, find the relative path
`/../../security/advisories/new` and replace it with the absolute URL
`https://github.com/UniquePixels/unicorn/security/advisories/new`
- Preserve the existing link text "report it privately" and all surrounding
sentence structure unchanged
- No other changes should be made to the file

Research

The repository contains a standard SECURITY.md file at the root level with 29 lines of content. Line 5 contains a link to GitHub's private vulnerability reporting feature using a relative path (/../../security/advisories/new). This relative path works within GitHub's UI but is not resolvable by external tools like OpenSSF Scorecard. No other relative URLs exist in the file.

---

🚀 Next Steps

🤖 All AI agent prompts combined

Update `SECURITY.md` to replace a relative URL with an absolute URL so that
external tools like OpenSSF Scorecard can properly resolve the link.

- In `SECURITY.md` at line 5, find the relative path
`/../../security/advisories/new` and replace it with the absolute URL
`https://github.com/UniquePixels/unicorn/security/advisories/new`
- Preserve the existing link text "report it privately" and all surrounding
sentence structure unchanged
- No other changes should be made to the file

💡 Iterate on the plan with: @coderabbitai <feedback>

Example Feedback
- `@coderabbitai` You can skip phase 3. Add a simple unit test case for phase 2.
- `@coderabbitai` For design choice 1 go ahead with option 3 and replan.

---

💬 Have feedback or questions? Drop into our discord!