All versions are supported. Since bilderrahmen is dependency free, no security risks can come from transitive dependencies

You do not need to report anything. We have automated security scanning in progress. Only devDependencies used for building the library are affected anyway.