An ERC20 implementation that is "good enough"

OpenZeppelin frequently updates their ERC20 implementation. However, it is not the best security practice to always use the most recent version because there could be vulnerabilities which are introduced and not realized until a few weeks or months after the public release.

For this reason, I would prefer to use an old ERC20 implementation, perhaps years old, that is "good enough" given all information currently known. Does OpenZeppelin keep track of any such established version?

I also have the same basic question for every contract in the OpenZeppelin family.

For me, I would like to use the latest stable version, cause maybe it will fix some errors, add some new functions, update some function to save gas and so on.

And all released versions are here: Releases ยท OpenZeppelin/openzeppelin-contracts, and it has an overview for every release version, you can have a look.

If you want to install a previous version, you can use the version flag, such as:

npm i @openzeppelin/contracts@4.0.0