Next.js wants to publish security reports on a monthly basis in a structured and predictable manner. Critical warnings continue to come ad hoc.