Only the latest major version is supported at any given time.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Note that this package is intended for use in build-time transformations. It is only intended to handle trusted code. If a vulnerability requires a fix that would prevent important use cases, we may decide not to address it.