I have an issue that I believe should be reported non-publicly (it may end up being deemed safe enough to report via GitHub but I'd rather ask first), however I couldn't find a security bug reporting process documented on any of:
https://github.com/webpack/webpack/blob/master/README.md
https://github.com/webpack/webpack/blob/master/CONTRIBUTING.md
https://webpack.js.org/support/
https://webpack.js.org/development/

Please could a process be created/documented?

Thanks!