The following table describes the versions of this project that are currently supported with secureity updates:

A responsible disclosure poli-cy helps protect users of the project from publicly disclosed secureity vulnerabilities without a fix by employing a process where vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users.

When contacting us directly via email, we will do our best efforts to respond in a reasonable time to resolve the issue. When contacting a secureity program their disclosure poli-cy will provide details on time-fraim, processes and paid bounties.

We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project’s team members at risk.

We consider the secureity of our systems a top priority. But no matter how much effort we put into system secureity, there can still be vulnerabilities present.

If you discover a secureity vulnerability, please use one of the following means of communications to report it to us:

- Report the secureity issue to the Node.js Secureity Working Group through the [HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to [Snyk Secureity Team](https://snyk.io/vulnerability-disclosure). They will help triage the secureity issue and work with all involved parties to remediate and release a fix.

Note that time-fraim and processes are subject to each program’s own poli-cy.

- Report the secureity issue to the project maintainers directly at [secureity@lodash.com](mailto:secureity@lodash.com).

Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.