Security: eclipse-ecsp/sql-dao

SECURITY.md

Security Policy

Thanks for helping make GitHub Open Source Software safe for everyone.

GitHub takes the security of our software products and services seriously, including all the open source code repositories managed through our GitHub organizations, such as Eclipse ECSP.

Even though open source repositories are outside of the scope of our bug bounty program and therefore not eligible for bounty rewards, we want to make sure that your finding gets passed along to the maintainers of this project for remediation.

Reporting a Vulnerability

Since this source is part of eclipse-ecsp (a GitHub organization), we ask that you follow the guidelines here to report anything that you might've found.

Dependency Security Management

This project uses the Dependabot tool to monitor (and fix) vulnerabilities in this project's dependencies.

Dependabot

  • Dependabot is a GitHub security feature. It tracks vulnerabilities in several languages, including JavaScript.
  • When Dependabot detects any vulnerabilities in the GitHub Advisory Database, it sends a notification and may also open a pull request to fix the vulnerability.
  • Only project maintainers can see Dependabot alerts.

There aren't any published security advisories