If you find a dependency vulnerability that is not covered by Dependabot, please either submit a pull request with the dependency updated/resolved, or create an issue detailing the vulnerability, preferably with an external report.

If a code vulnerability, please create an issue with a thorough explanation, preferably with a code example to reproduce with. An associated pull request with a fix is also welcome.