diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index bb1c071c..7505d4bb 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -16,7 +16,7 @@ jobs:
         os:
         - macos-15
         - ubuntu-24.04
-        - windows-2022
+        - windows-2025
       fail-fast: false
     runs-on: ${{ matrix.os }}
     permissions:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..216aa5fa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting a Vulnerability
+
+If you discover a security vulnerability within `nw-builder`, please submit a report via the Github's Private Vulnerability Reporting feature.
+
+All security vulnerabilities will be promptly addressed.
diff --git a/src/bld.js b/src/bld.js
index 05ecaa36..864a93be 100644
--- a/src/bld.js
+++ b/src/bld.js
@@ -374,7 +374,7 @@ const compress = async ({
     const writeStream = fs.createWriteStream(`${outDir}.zip`);
     archive.pipe(writeStream);
     archive.directory(outDir, false);
-    archive.finalize();
+    await archive.finalize();
   } else if (zip === 'tar') {
     await tar.create({
       gzip: false,