All versions of the bot are supported for security vulnerability reports. Please stick to the latest version of the bot as that will assist any contributors in properly dealing with any breaking changes that may occur.

| Version | Supported |
|---|---|
| * | Yes, LTS |

If you find a vulnerability within the project, locate your type of vulnerability and then follow the steps.
If the vulnerability has not already been flagged by Snyk, Dependabot, or another user (who has followed these steps) when you discover it, follow these steps:
- Update, lock, or downgrade the packages to a safe version that does not introduce breaking changes to the project.
- If breaking changes must be introduced, state so in the PR.
- Open an issue and state what effect the vulnerability has on the project.
- If you know how to resolve the vulnerability, you can open a pull request and fix the issue there. You must add "fixes #<issue number>" so that GitHub links the issue and the pull request.
- Contact one of the authors via Discord and state what the issue is in direct messages. They will advise you with the best course of action.