From bb922a234ec430e65da84c0b3aaffdc399830aa4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= <ulisesgascongonzalez@gmail.com>
Date: Mon, 15 Sep 2025 15:07:17 +0200
Subject: [PATCH 1/2] docs: add security escalation policy

---
 SECURITY.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 816ac507b..eac86a2e5 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,3 +3,9 @@
 ## Reporting a Vulnerability
 
 Please report any potential security issues to `team@nodered.org`. This will notify the core project team who will respond accordingly.
+
+## Escalation
+
+If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
+
+If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.

From 21f93eac0965a5723166c46ab3673e28ff6602e9 Mon Sep 17 00:00:00 2001
From: Mauricio Bonani <bonanitech@gmail.com>
Date: Wed, 17 Sep 2025 14:24:43 -0400
Subject: [PATCH 2/2] Remove empty if block

Fixes #5272
---
 packages/node_modules/@node-red/registry/lib/loader.js | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/packages/node_modules/@node-red/registry/lib/loader.js b/packages/node_modules/@node-red/registry/lib/loader.js
index 4e299ca77..285739084 100644
--- a/packages/node_modules/@node-red/registry/lib/loader.js
+++ b/packages/node_modules/@node-red/registry/lib/loader.js
@@ -308,10 +308,6 @@ async function loadPluginConfig(fileInfo) {
     //     isEnabled = info.enabled;
     // }
 
-
-    if (!fs.existsSync(jsFile)) {
-    }
-
     var plugin = {
         type: "plugin",
         id: id,