Security updates are applied only to the latest release.
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.
Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the npm contact form by selecting "I'm reporting a security vulnerability".
If you do not receive an acknowledgement of your report within 6 business days,
or if you cannot find a private security contact for the project, you may
escalate to the OpenJS Foundation CNA at security@lists.openjsf.org.
If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.