Vulnerabilities should not be disclosed as an issue, pull request, or other publicly-accessible document unless its severity has already been assessed to pose negligible risks to users. Instead, please submit a security advisory on GitHub: https://github.com/epispot/EpiJS/security/advisories. Alternatively, all vulnerabilities can be submitted on the npm page, or contact npm.quantalabs@gmail.com.

First report the security vulnerabiilty with the steps detailed above, and work on a fork with your changes, and submit the PR. Start work on the branch which corresponds to the oldest release that has the vulnerability.

DO NOT submit an issue, this should be confidential to help prevent attacks exploiting the vulnerability.