Security Policy Reporting a Vulnerability Create new issue with label security then: add your yarn.lock or package-lock.json files under the spoiler mark vulnerable dependencies if have add reproduction example with vulnerability