You should rely on latest version.
After finding a vulnerability, you should give vulnerable element. Any screenshots, if applicable. If issue is happenning only with specific type of input, attach this input here.
All security issues will be fixed as fast as possible. If issue will not be fixed in 24 hours, advisory will be created and further information will be needed. Fixing security issues mentioned in published advisories will be priority 1.
Check one of these.
- DoS
- DDoS
- XSS
- Other (write type of issue below)
Give a video, screenshots of how to exploit vulnerability, and what vulnerable element is.
If there are workarounds, write them here.
These are packages that were fixed manually:
- serialize-javascript
- compression-webpack-plugin
- less-loader
- clean-css
No need to worry than there are outdated versions of these packages.