All non-archived repositories are supported; within them, the latest release and any later pre-release are supported.
As a general rule, vulnerabilities in dependencies are not considered, especially when they're ReDos vulnerabilities.
Please contact Mark Wubben by emailing [email protected]
.