Packages in the dependency chain are regularly scanned for new versions, and updated as required.
If you think you have discovered a security issue in this project, please report it. You can use the "security advisories" option to create a report.
We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time.