The repository is currently enabled with Privately reporting a security vulnerability. Once any security pops up, diqu maintainer will be responsible to make an update and might release the patches if necessarily.

Otherwise, please help to explicitly raise the awareness via Report a security vulnerability issue.