We try to keep our dependencies as up to date as possible. We update most dependencies within a few days of their release thanks to Dependabot. A few major updates can take up to a month or so if they require a lot of work or we are waiting on a sub-dependency to be upgraded. We try never to lag behind a major update by more than 3 months.
If you think you have found a vulnerability or have a question for us about security, feel free to reach out to us at [email protected]