We use dependabot to keep dependencies up to date as much as possible.

Currently we support these versions of pigg

If you learn of a vulnerability that affects pigg, if it is a public CVE then you can create an issue in this repo, add the security label. If under embargo, or you cannot/shouldn't mention in public for some reason, then email one of the Authors (see authors field of Cargo.toml)