Only the latest major version is supported at any given time.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Note that this module is intended for build-time transforms on trusted code. As such, if a security fix requires changes that would make the module significantly less powerful, we may prefer the unsafety.