All versions are supported. Since bilderrahmen is dependency free, no security risks can come from transitive dependencies
You do not need to report anything. We have automated security scanning in progress. Only devDependencies used for building the library are affected anyway.