Only the latest version gets security updates, however feel free to submit a pull request if you require a security patch for an older version.
Create a new issue to report a vulnerability, mentioning the version of metalsmith-taxonomy that requires a patch.