diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..034e848032
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/package.json b/package.json
index aa0321b9ba..6ab30a8ee3 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
     "eventsource": "^1.0.7",
     "express": "^4.17.1",
     "hbs": "^4.1.1",
-    "ioredis": "^4.19.2",
+    "ioredis": "^5.2.2",
     "js-yaml": "^3.14.1",
     "lru-cache": "^6.0.0",
     "octokit-auth-probot": "^1.2.2",