should publish a version which fix vulnerabilities to npm under lastest tag

[loynoir]

Actual

$ npm add nodegit
$ npm audit

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install nodegit@0.26.5, which is a breaking change
node_modules/got
  nodegit  0.0.71 - 0.0.79 || 0.1.0 - 0.2.4 || 0.14.0 - 0.28.0-alpha.20
  Depends on vulnerable versions of got
  Depends on vulnerable versions of node-gyp
  node_modules/nodegit

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install nodegit@0.26.5, which is a breaking change
node_modules/request
  node-gyp  <=7.1.2
  Depends on vulnerable versions of request
  node_modules/node-gyp

4 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Expected

Under npm next tag, Alpha version has grew to 21, seems like there are some road blockers.

But, should publish a version, which fix 4 moderate severity vulnerabilities, to npm under default lastest tag.

Related

#1978