# Security Policy

## Supported Versions
Only the latest major version is supported at any given time.

## Reporting a Vulnerability

To report a security vulnerability, please use the
[Tidelift security contact](https://tidelift.com/security).
Tidelift will coordinate the fix and disclosure.

Note that this package is intended for use in build-time
transformations. It is only intended to handle trusted code. If a
vulnerability requires a fix that would prevent important use cases, we
may decide not to address it.